® 



J 



Europaisches Patentamt 
European Patent Office 
Office europeen des brevets 



© Publication number: 



0 588 339 A2 



EUROPEAN PATENT APPLICATION 



0 Application number: 93114917.3 
{§) Date of filing: 16.09.93 



<£> int. CI. 5 : G07F 7/10, G06F 15/30 



© 


Priority: 18.09.92 JP 249293/92 


1927, Nagasawa 




18.09.92 JP 249294/92 


Yokosuka-shi, Kanagawa(JP) 




18.11.92 JP 308688/92 


Inventor: Sakita, Kazutaka 




26.11.92 JP 317254/92 


2-14-1-613, Kaneya 




26.11.92 JP 317255/92 


Yokosuka-shi, Kanagawa(JP) 






Inventor: Miyaguchi, Shoji 




Date of publication of application: 


5-20-19, Bessho, 




23.03.94 Bulletin 94/12 


Ninami-ku 






Yokohama-shi, Kanagawa(JP) 


© 


Designated Contracting States: 


Inventor: Okamoto, Tatsuaki 


DE FR GB 


94-2-5-503, Nagasawa 






Yokosuka-shi, Kanagawa(JP) 


© 


Applicant: NIPPON TELEGRAPH AND 


Inventor: Fujioka, Atsushi 


TELEPHONE CORPORATION 


B-305, 9-2-12, Sugita, 




1-6 Uchisaiwai-cho 1-chome 


Isogo-ku 




Chiyoda-ku 


Yokohama-shi, Kanagawa(JP) 




Tokyo(JP) 






Inventor: Ishiguro, Ginya 


0 Representative: Hoffmann, Eckart 


Gurin Haitsu 12-2-403, 


Patentanwalt, 




580, Nagasawa 


Blumbach & Partner, 




Yokosuka-shi, Kanagawa(JP) 


Bahnhofstrasse 103 




Inventor: Muta, Toshiyasu 


D-82166 Grafelfing (DE) 



@ Method and apparatus for settlement of accounts by IC cards. 
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@ An IC card (6) has a card information memory 
area wherein there are written a master public key 
nA, card secret keys pU and qU, a card public key 
nU, a card identification number IDU, and a first 
master digital signature SA1 for information including 
the card identification number. An IC card terminal 
(2a,2b) has terminal information memory area 
wherein there are written a master public key nA. 
terminal secret keys pT and qT, a terminal public 
key nT, a terminal identification number IDT. and a 
second master digital signature SA2 for information 
including the terminal identification number IDT. 
When inserted into the IC card terminal, the IC card 
sends thereto the data nU. IDU. and-SAL The IC 
card terminal verifies the digital signature SA1 by 
the master public key nA and. if it is valid, transmits 
the data nT, IDT and SA2 to the IC card. The IC 
card verifies the digital signature SA2 by the master 
public key nA and, if it is valid, transmits information 



corresponding to the current remainder value V to 
the IC card terminal. The IC card terminal makes a 
check to see if the received information correspond- 
ing to the remainder value V is appropriate, and if 
so, becomes enabled for providing a service. 
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BACKGROUND OF T H E MNVE NT I O N * 4 ""' ' ' 

The present invention relates to a method and 
apparatus for settlement of accounts by IC cards 
which are used as prepaid cards of credit' cards. 1 

For instance, in an IC card which is used as a 
prepaid card, there fs written the amount of money 
paid for its purchase, and before or after receiving 
a service the card user inserts th'e IC card 'into an 
IC card terminal, wherein the remaining Value after 
subtracting the charge for ihe service from the - 
initial value is transmitted t6* and written into the IC 
card. 

In a conventional system' of this kind, the IC 
card and the IC card terminal use the same cipher 
system and have the same secret key and commu- 
nicate to each other the balance information enci- 
phered by the common secret key. IC card and IC 
card terminal are designed so" that such a secret 
key cannot be found nor can it be altered even if 
IC card terminal .should be revealed to an outsider. 

On the other hand, in the case of an IC card for 
use as a credit card, its identification number and 
other necessary information are preregistered and 
the user, is allowed to receive his desired service' 
when inserting the iC card into an IC card terminal 
and is charged for the' service afterward. In a y 
conventional IC credit card system, upon insertion 
of the I C card 'into the IC' card terminal, the tatter is 
connected online ,to a management center where ^ 
IC card identification numbers and other user in- 
formation are" registered, then the user inputs his 
registration number and other required information" 
by dialing, the thus input information is sent to the " 
management center, wherein the user information 
registered in advance is used to verify the^ 'validity 
of the user. After the user's validity is thus proved, 
the user is allowed to receive his or her desired 
service at, the IC card terminal. . 

Such an IC credit card system similarly adopts/ 
with a view to providing increased security, a meth- 
od in whtich; the IC' card and the IC card terminal 
use the . .same cryptographic scheme and have the ; 
same secret ' key /and they each authenticate the 
other's, validity; a password 'Input into^the IC termi-'' 
nal is checke^with'itis counterpart prestcred in the 
IC card; the IC card identification number read out 
of the IC card is sent from the IC card terminal 1 to 
the management, center which has a data base of 
identification numbers and other infprnhation of IC 
cards; the IC card identification number is verified 
in the . management center; the result of the ver- 
ification js transmitted to the IC card terminal; and ' 
when the IC card identification thus checked in the 
management, center is valid, the service specified 
by the card user, starts through the IC card termi- 
nal. In some cases, the IC card and the manage- 
ment center each authenticate the other's ' validity 



: ' vvi; directly through-use oNhe same secret: keyn 

'■ "•' The conventional methods mentioned-above all, ; P 
'•'call for communication > between :the management • 
' center and the IC card terminal and online process- 
's - v - ing for verification'- before 1 or after the .service is 
: provided/ and 1 hence- they have shortcomings that . 
t: -' ' the management center facility is inevitably large- 
' " ;? scale and that the charge for the service includes 
; communication expenses. Moreover, the history of 
to ' service can- be stored in the management center or 
IC card but 1 difficulty is encountered in proving that . 
the stored ' contents 1 are not false. Although it is 
almost impossible 'to 'falsify the stored contents of 
the IC card unless the secret key is let out. the . 
is secret key information in the IC card on. IC card 
' " terminal "is ''not • perfectly protected and .may. in. 
some cases= leak- out- in a long time. In the case 
where the cryptographic scheme used is broken by • 
' third parties and many IC terminals are used by • 
20 r them, particularly 1 in the event that IC cards and IC 
terminals are abused by ! unauthorized persons over- 
a wide range, it is very difficult to change all of the 
' ! secret keys- at the same time-this. poses a serious 
' ' social problem as well-intentioned users cannot use 
25'°-' their IC cards for* a long period of time, for in- 
: " • stance. ' ■ - * ' 4,1 "• • , 

r -~- SUMMARY OF THE INVENTION , . , 

1 It is tnerefore an object .of the. present invention 
to provide a'method'and apparatus for the- payment ... 
of charges by IC cards which eliminate the need . 
for communication between the management cen-,.. 
ter and the- IC card terminal each time the , card ■ r 
user inserts his IC dard' into. the ! lattento receive his 
desired' service and- which 'permit detection ;jl pf 
abuse of a forged IC card or intentionally altered. IC . 
card terminal. 

In the method for' the payment of charges by. 
IC 4 cards according to 'a first aspect of the present ■ 
invention, the respective IC card, has prestored in 
5 * " its memory means a master public key nA for 
' " : verifying a Waster "digital signature SA. a card 
•' ' identification number IDU for specifying the IC card 
45 arid a. first master digital- signature- SA1 .for. informa- 
tion containing at least the card identification num- 
ber IDU, and the IC card terminal has prestored in 
its terminal memory the above-mentioned master 
public key nA, a terminal identification number IDT . 
so' for specifying the IC card terminal and a second 
master digital signature SA2 for information includ- 
ing at least the above-mentioned terminal iden- 
tification number IDT. This method includes: - <- . - 
a 'step wherein the IC card transmits at least. 
55 the card identification number IDU. and the first 
master digital ' signature SA1 to the IC card .term \- 
nal; ' ■ ■ ... 

a step-wherein the IC card terminal certifies the, 
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validity of the first* master digital .{signature*. jS'AV-i 
through use of ther 'master public"key flA and -the t 
card identification number- IDU received from, the <!<?: , 
card; '* ; '"" ■.>-•*• :«■ r. 

a step wherein when the first i master-, digital., 
signature SA1 is valid, the IC card)- terminal trans-.; 
mits at least the terminal identif ication* number. IDT .- 
and the second master digital signature ;SA2 to the., 
IC card: ' . r. iv 

a step wherein the IC card verifies the validity 
of the second master digital signature SA2 through i. 
use of the master public key nA and the terminal _ 
identification number IDT received -torn. the IC card , 
terminal; and ' •'- '■• - i 

a step'whe'rem when the :second . master .digital 
signature SA2 is 'valid; the ;IC card,. Jejrni nal .gen- < t 
erating a value V corresponding toithe charge for- a 
service specified by the IC card after the j service is , 
provided; ' . , 

In the method for- the payment. of charges, by,- 
IC cards according < to- a second v aspect of the 
present invention,- the respective IC card : has card <■ 
information memory -means wherein. ithere, are writ- 
ten, as card information, from a- management ,cen-. 
ter a card identification number IQU,.a predeter- 
mined password setting number Ns, a second mas- 
ter digital signature SA2 for the password setting 
number Ns. a first master digital signature SA1 for/ 
information containing the card identification num- 
ber IDU • and the '» second master : digital signature, . 
SA2 and an IC card terminal has terminal informa- . 
tion memory means wherein.. there .are written, .as :o 
terminal information, frGm the management, center, 
a master public key n A. for ..verifying .the; master .. 
digitai signatures, terminal secret; keys pT-and .qT, _ 
for creating a 'terminal digital signature and a termi- . 
nal public key nT for verifying the terminal .digital 
signature. This method includes: 

a step wherein the -I.C' card transmi'ts,,the card 
identification number IDU rand the first and second 
master' digital signatures SA1 and SA2 to the IC 
card terminal: , • ■ " 

a step- wherein the JC card, terminal verifies the 
validity of the- first - master digital, signature : SA1 ; 
and. if it- is valid. 'prompts the card user to input a 
password Nc' and transmits.it to the.-IC card after it^ 
is input": " • • . 

a step wherein the IC card matches the pass : , 
word Nc' received from =the IC card terminal with 
the password Nc stored in the card . information, 
memory and, if 'they match, transmits - an authen- - 
tication signal to the IC card terminal: and . < 

a step wherein upon receiving the authenti.ca: 
tion signal, the IC card terminal becomes enabled . 
for providing a service, and after the .service, the IC 
card terminal records information including a value.- 
V corresponding to the charge for the service ren- 
dered and the card .identification .number. IDU re-. 
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.ceived from the IC card, , as, usage/management 
information, in usage/management information 

.memory means, f r . . ..... . ( . ; . 

According, to a third . aspect of' the present 

invention, the IC card includes: 

; card information, memory means for recording 

.a master . public .key nA. for. verifying a master'' 

, digital signature SA created using master secret 

t keys pA and.qA, a. card identification number IDU 
for specifying or. identifying the JC card, card secref 
keys pU 5 ano .qU for creating a digital signature, a 

. card public key nU for verifying the digital signa- 
ture, and a first master digital signature SA1 for 
information, containing the card identification num- 
ber IDU , and the card public . key nU, the' first fc 

, master digital signature .SA1 being created using 

. the maste/ secret keys pA and qA; ' . 

means for transmitting the card identification 
number |DU, the card 'public key nU and the first 

, master digital signature SA1 to the i'C card* 'termi-" 
nal; 

means which receives a terminal identification 
number IDT. a terminal public key nT and.a sec- 
ond master digital signature SA2 from the IC card' 
terminal, verifies the second master' digital signal 
SA2 through use of the master public key nA 
recorded in, the card information memory means 
and, if it is valid, transmits to the IC card terminal 
an authentication signal which enables it for p'rovid- 
ing a service; and 

usage information memory means for record"-' 
ing usage information including' the remaining' value 
V updated, by. subtracting using the charge for the' 
service rendered. - 

According to a fourth 'aspect of the present 
invention, the IC card terminal includes: 

memory means for recording a master 1 public 
key nA ; for verifying a master digital signature SA 
created using master secret' keys pA and qA, a 
terminal .identification number IDT for identifying' 
the IC card terminal, terminal secret keys pT 'and' 
qT for creating a terminal digital signature, a termi- 
nal public key nT' for verifying the terminal digital 
signature and a second master digital' signature 
SA2 for information including, the terrriihal iden- 
tification number IDT and the 'terminal; public key 
nT. the second master digital signature SA2'66ing J 
created using the imaster secret keys pA and qA; ; 

means for transmitting the terminal public key 
nT. the .terminal identification number' IDT and the 
second master digital signature SA2 to ah IC card; 

means which receives a card identification 
number IDU. a card public key nU and a first 
master digital signature SA1 from the IC card', 
verifies the first master digital signature through 
use of. the master public key recorded in the mem- 
ory means and, if it is valid, enables the IC card 
terminal for providing a service; and 
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means which updates remaining value' through- 
use of the charge for the service rendered 1 'and 
transmits to the'lC^^rd' usage" information- including 
the updated remaining value. 

A digital signature 1 scheme capable of proving'' ! 5 
that a person who transmitted digital information 5 • ' 
acknowledged it, just like '"he 'puts* his seal to ' a '--".v* 
document, is' already established as disclosed in- •-" 
for example, "E.SIGN: An Efficient Digital Signature ■•" 
Scheme," NTT R&D Vol. '40; No. 5. 1991, ; pp687- ;o ,: 
686. or U.S. Patent No. 4,625,076. According^ the ' 
digital signature scheme/ a document M and a 
secret key Q are used and a digital signature S(M) ' ' ' 
is created using a signature treating function, then- 
the signature S(M) and the document M are trans- ; " 'is 
mitted to the other party. The other party performs 
a computation by substituting" the' received docu : 
ment M and signature S(M) and a public key' U into 
a signature verifying function.' If the computed re- 
sult satisfies predetermined conditions, then it is 20 s 
verified that the digital signature S(M) was attached * : 
to the document M by a person having the secret 
key Q, and 'he cannot' deny the fact. In this' in- 
stance, the' Q. and U are different prime numbers' of '■ 
extremely Jarge' values (that is.' Q * U), and 'this ! 25 ' 
scheme features a mathematical' property 'that the 
value Q cannot be computed even if the value of U "•: 
is known. Furthermore, even if slightly altered; the ! 1 
document can be proved invalid: lt r is set forth in"- 
the above-noted literature' ! that' these digital signa- '30 
ture functions could be 'executed 'within a practical • * : 
processing'time oh the scale of 'a program mount- . ; " 
able on IC cards, through utilization of 'an algorithm " '- 
called ES1SN."' : ' ' ( " " :V " ' ' ' ; ] ' : '' 
Other digital signature schemes applicable to * 35 
the present .invention are an EIGamal scheme (T.- " f - 
E. EIGamal: A public key cryptosystem and a sig- 
nature scheme based on discrete algorithm, Proc* 
of Crypto*84, 1984), a DSA (Digital Signature Ai- * ' 
gorithm, made public by the" National Institute of ' c 40 
Standards and* Technology of the U.S. Department :rr : >' 
of Commerc.e) 'scheme, and a Micali-Shamtr - 
scheme* \s. Micali' and A. Shamir: An improvement* ' 
of the Fiat-Shamir identification and' signature -• 
schemed Proc.' of CrVpto 'SS! pp244-247; 1988)," for 45 
instance. . / 

BRIEF DESCRIPTION QFThE DRAWINGS 

Fig. 1 is a block diagram illustrating the system ' 50 
configuration of an embodiment of the present • 
invention; 

Fig. 2 is a block diagram showing an example' of- • 

the configuration of an IC card terminal; 

Fig. 3 is a block diagram showing an example of ' 55 

the configuration of an IC card; 

Fig. 4A Is a diagram showing processing of a 

management center for setting the IC card ter : - 



minal; *: - <> 'i >.j .* U . '.-,?{:. .:i^v v r-- * , 
Fig. 4B -is ^-diagram -showing, processing,. Qf. an (5 
IC card dispenserrwhen dispensing the IG card; 
Fig. 4'G ; is a diagram showing procedures^ be- ., , 
tween-the IC card- and the \Q card dispenser for 
dispensing and recharging the. latter; 
Fig. 5ns-,a diagram showing procedures between , 
the IG card: and the.. IC card terminal; 
Fig. 5A..is. a functional .block diagram of the JC, 
card in the embodiment -.of Fig. 5;, 
Fig. 5B, is." a- functional block diagram of the IC 
card terminal in the embodiment of Fig. 5; 
Fig. 6 -is a diagram .shewing another example of . 
the procedure between the IC card . and the ICj 
card terminal;- ,, . , ~ 

Fig. 7 is a diagram.- showing, by way,of l; examp)e, 
procedures between the IG card, the ICcard 
terminal and' the management center at,the.«time 
of writing amount-of-money- information into .the 
IC card; ' - 

Fig. 8 is a block-diagram showing the distribu- 
tion of encrypting keys for cipher communicar.; 
tion between the IC card, the IC card terminal. 
the IC card, dispenser and the management cen- 
ter; . ■ , . - ' 
Fig. 9 is* a diagram showing the payment of. 
charges -by the IC . card according to another 
embodiment of the present invention; 
Fig. 10 is a -diagram illustrating a modified form 
' of the Fig.. : 5 embodiment which, utilizes a time . 
stamp; 1 .> ■ .. ; ; • . 
Fig. -1.1; is a diagram -showing a time , stamp . 
updating algorithms ■ • .<.•. ■. - , - 
Fig. 12 is a diagram illustrating a -modification of 
'•' the Fig: 1 0 embodiment which employs random 
numbers; • .• >< ; 
Fig. '13 is a diagram . showing procedures, for 
registering r a password in an IC card applied tq a 
credit card, by use .of the.JOcard terminal: 
Fig. 14 is a diagram , showing.., procedures for 
receiving a service by! use .of the IC card, with 
the password registered therein by the process 
depicted in Fig. '13; j . ... 
Fig. 1 5 is a diagram showing another example 
of the password registration procedure; ,. , 
Fig. 16' is a: diagram showing procedures for 
receiving a service by use of an IC card with the 
password registered therein by the process de- 
picted in Fig. 15; and - , 
Fig. 17 is a diagram illustrating another embodi-. 
ment of procedures for receiving a service .by 
use of an IC card applied to a credit card.-. 

DESCRIPTION OF THE PREFERRED EMBODI- 
MENTS " " ' ■.>::> 

In Fig. -1 there is illustrated in block form an 
example of the configuration. o.f a -card -system for 
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making the payment of charges through use of an r ••«• 
IC card according/ t6- the present inventionMC card: 
terminals : £a; 2b, ! \..' perform processing .for:. the: ... 
payment of charges for services rendered to. an tCr- • 
card 6. For example/ when the IC Card 6- is *a * • \ -5 
prepaid telephone card, the IC ■ card' terminals; '2a,..;-; -j 
2b, ... provide service by telephone. The 'IC card-' 
terminals 2a, 2b, .... when installed/ 1 are each con- ■ 
nected via a communication network. 3 to a man- 
agement center 4 which sets' and holds security; r- .-.f.o 
information under its control. In the following , de-- :/i 
scription the IC card terminals will be indicated 
generally by a numeral 2 except ?when:„a particular . .. . 
one of them' is intended. The IC card. 6' hasHniti.al , 
data written by the IC card dispenser 5 when it. is 7.5 
issued, and security information necessary : for the . ; 
IC card 6 is provided from the management center t 
4. Incidentally, Vn ; the 'case where some functions of ■ 51 
the management center- 4 are mounted; on a porta-., - 
ble telephone terminal or the like so that they are*, 
brought to the place where the IC card -terminal 2 
is located, the IC card ' terminal 2. need. not always 
be connected via the communication network 3: :to 
the management center 4 when it is installed. < 

Fig. 2 illustrates an example of the internal 
configuration-' of the IC card terminal 2-. and Fig. 3 .■ 
an example of the internal configuration of ;the.: IC 
card 6. The IC card terminal 2 comprises an .IC • 
card reader/writer '1 1' which reads and iwrites^he IC '• 
card 6 inserted thereinto, function -buttons 12 as of<; . 30 
a keyboard, a display 13, a telephone controller 14. : , 
a network interface 15 for processing -communfca- o;-; 
tion via the communication network 3ra handset 16 
and a speech circuit 17. 1- • • ;• ;■ 

In the' IC card' S ' there -are stored. in a ROM 61 ^\\35 
programs for IC card procedures, digital signature- .-, 
creating and' verifying algorithms and so forth, and — 
a CPU 63 controls the entire processing of -the IC 
card while utilizing- a RAM 62 as? a work area. and 
communicates with the ICcard reader/writer ■ 1 1 of. t l 40 
the IC card terminal' 2 via an- I/O' interface 65 and ; , 
contacts 66-. ! 

Fig. 4A shows the process that is performed 
when the IC card terminal ' 2 is- installed. The IC. 1 
card terminal 2 receives from the management 45 
center' 4 'such " pieces' of terminal . information as, < 
listed below 'when it is installed. . - - ■ 1 

(1) Master public key' nA for verifying a master . 
digital signature of the management center. 4; . 

(2) Terminal secret keys pT and qTTor the IC • so 
card terminal 2 to create a digital signature; , 

(3) Terminal public key nT for verifying the 
digital signature of the IC card terminal 2; 

(4) " Terminal identification number v IOT for iden- . ■. 
tifying the IC card terminal 2; and ; ;55 

(5) Master digital signature SA(nT:*IDT) by the 
management center for the terminal public key 

nT and"' the terminal identification . number IDT, - - .. 



where. the. symbol. represents. .concatenatipn- 
-for example ?; OOi:Oldi '== QOIOIOlV . 
After, receiving these pieces of information, the . 
IC card terminal 2 verifies the validity of the master 
digital signature • SA(nj:iDT) through" use of the" 
terminal public. , key nT, ,the terminal identificaion 
number IDT and .the master public key nA. and if 
the master digital signature SA(nT'IDT) is valid, 
then theJC. card terminal 2 records, these pieces of 
information in a terminal information area 2Mj of a 
memory in the telephone controller 14. No descrip- 
tion will be given of the method for verifying the 
digital signature, because it is. disclosed in the 
afore-noted various digital .signature schemes. As 
described previously, the verification of .the digital 
signature S(M)- generally calls for an unsigned full 
document M and a. public, key jar verification use, 
but in the following.. description. ; there .are cases / 
where a simplified description, ; "the digital signa- 
ture is verified using the public key" or "digital 
signature is verified" is used. , ., 

Incidentally, the management center 4 has set 
therein its master seqret keys pA and qA and has 
functions of, creating a different terminal identifica- 
tion number IDT for each IC card terminal 2 and 
the terminal public key nT and . the terminal secret 
keys pT .and , qT .corresponding to. the 'terminal. . 
identification number, IDT, . 

It is preferable that the terminal secret, keys pT 
and qT be recorded in the , .terminal information 
area 2M^ in the IC card terminal 2 which js not 
easily accessible from the outside, for example, in 
a RAM : of a one-chip CPU or battery, backup RAM 
of a construction wherein the power supply' from 
the battery .is cut off when the I.C card terminal 2 is 
abused. ... .... « , 

In Fig. 4B there is shown the process that is 
performed by the \C card dispenser 5 when it 
issues the IC card -6. The IC card 6 receives , from i" 
the IC; card dispenser, 5 such pieces of card in- 4 
formation listed below that need to be held in the 
IC card 6. Jhese pieces of information are provided 
in advance from the management center" 4 ,to .the 
IC card dispenser 5. ... . ; .' 

(1) Master public key v nA for verifying the master' 
digital signature of the management center 4; 

(2) Card secret keys pU and qU for the IC card'' 
6 to create it digital signature; . , . . ... , . ,. 

(3) Card public key nil for verifying the digital 
signature .of the IC card 6;. . 

(4) Card identification number' IDU for identifying ' 
the IC card 6; 

(5) Master, digital signature SA(nU'lDU) of the" 
management center 4 for the card public key nU 

• and the card identification number IDU. 

After receiving these pieces of card .informa- 
tion, the.lC, card % 6 verifies the validity of the master 
digital signature. SA(nU"IDU) through use of the 
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master public key nA and, if it is valid/ the, IC card ; 
6 records these pieces of ,qard c information in a 
predetermined area (hereinafter referred' \o\ as a 
card information .area) 6Mi ' irv an EEPFtOM 64. 
Since the EEPROM 64. in the IC card 6 usually is 
not directly accessible from the outside, these 
pieces of card ^formation cannot be read put to" 
the outside of the.l,C card' unless a. predetermined , 
procedure is executed. In particular, the card secret 
keys pU and. qLJ need , not tpe read ,out to 'the ; 
outside of .the IC card 6 after once /ecorded there- " 
in, and hence , they may preferably be held' un- ' 
readable. ...In the process shown in Fig.' 4B an 
amount of ,money is not yet wntten. into the IC card 
6. 

The management center 4 .has functions of 
creating a different card identification number IDU 
for each IC card' and the card public key nU and 
the. card secret keys pU and qU corresponding to 
the IC card identification number IDU. 

Fig. 4C shows processing for writing into the IC 
card 6 the amount of money prepaid therefor when 
it is a prepaid card., The procedure shown in Fig. 
4C is used. for initial issuing of jhe IC card 6 and 
recharging an. amount of money into the IC card. 
when nc;money is- left. oyer ; . , . 

The IC card 6 transmits to the I c'. card dis- 
penser 5 the, pubHc ..^ey n(J, the. identification num-" 
ber IDU . .and, t : he. ; master digital, signature S'A- ! 
(nUMDU),.which -it .read .put of the card". information^ 
area 6Mv.. : The IQ card dispenser 5 verifies the 
master digital signature SA(n.U'lDU) by the master^ 
public key nA preset'.therein and. , if valid, recog- 
nizes that : the IC card is valid. In this. instance, the 
IC card dispenser. ; 5 transmits to the IC p.ar.d 6 a 
master digital signature SA(V'IDU) for a prepaid 
amount of < money V (i.e. . an. .initial value of the 
remainder) .and the card ^identification number IDU 
and the -amount of money. V,,.. provided from the 
management, center 4. and an IC card dispenser 
identification, number IDC preset in the IC card 
dispenser 5. The, JC card 6 verifies the master 
digital signature SA(VIDU) by the master, public 
key nA.-,and, if J? yalid, .records .these pieces of in- 
formation in:,a : usage.. information area 6M2 of the. 
EEPROM (i 64, in the lC card 6. 

It is also possible to, employ a system configu- 
ration in .which. , for- "each IC card issuing process,, 
the IC card dispenser 5 is connected online to the, 
management center 4 to transmit thereto the IC 
card identification number IDU and the value V 
received, from, the IC card 6 and the IC card dis- 
penser-,5. receives, in. turn, the master digital, signa-. 
ture SA(V*IDU) of the management center 4. s Alter- 
natively, these pieces of information may be 
prestored. in the. IC card dispenser 5. . 

Fig. -5 shows processing for the card user to 
receive a service from the IC card terminal" 2 by 
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use of the \C da'rd-8 1 which is a prepaid 'CarxLyRigsci \. : 
5A and 56 "show 'functional blocks of the .IC .cai:d; % <o 
f and the IG'carcl terminal 2. In this case? howewr.nno 
random generating' parts* 6C and 2C^ are shown .* 
corresponding' to' ah embodiment described-Jater in 
respect of Fig. 6. In the ' usage information area . L , 
6M 2 of the EEPROM-64' in the IC card 6' there are . 
recorded, as card usa'ge information, the initial v.pi- 
ue V, mdster digital signature SA(V'IDU) andrcard ■ 
dispenser identification humben IDC. When the 
user inserts the' IC card 6" "into the IC card read- 
er/writer 11 of the' IG" card terminal 2/ the . card 
public key nU, the' card identificaion number IDU 
and the master digital' signature SA(nU'IDU) are 
sent from the IC card 6 to the IC*card- terminal 2-. ■ 

The IC 1 card terminal 2 verifies the master-: h ■ 
digital signature SA(nmDU) by the master public 
key nA in a verifying part 2A (Fig. 5B) and, if- valid, . 
sends via a transmitting?receivin'g part 2E ; to the *IC - 
card 2 the pieces of terminal information nT, IDT 
and SA(nT r IDT) read out of the terminal information - • 
area 2Mi . The lC card 6 receives- these pieces of 
terminal information via a transmitting/receiving part 
6D and -verifies "the'- validity of the master -.digital 
signature* SA'(hTMDT). If it is valid, then. the. remain- . 
ing value' V, the identification dumber IDC and..the ; . 
master digital'*" signature SA(V"IOU), which . are , 
pieces of 'card' usage information read , out pf the 
usage information 5 area -6M 2 Pf ' the 1 memory 64in .,. 
the IC card 6. and a digital signature/; SU(V) pMhe.; 
IC card',' whicrv ; is generated : for the^ value- V.in.a.r 
digital signature creating part 6B through use. of the .. 
card secret keys pU and qU, sire- sent- to "the ; I C . 
terminal' 2." ; ? ' ■ ' ■ ■ • ■ ■- --»■ ••' * ' 
The IC card terminal '2 verifies- the ^received, 
digital signature r SU(V) , by the'' card- public key , nU : 
and the value V in the verifying part 2B. If it is 
valid, then the IC terminal 2 further ^checks the 
master' digital signature SA(V = IDU) by. the pieces 
of information nA. V and fDU to ensure that , the • 
value V has not been falsified;' after which the IC 
terminal '2 displays the remaining vatue V of the IC 
card 6 on'a display 13. While referring to .the- 
guidance provided on' the display 13, the user 
specifies his desired service by pressing the func- 
tion buttons \2. The IC "card terminal 2 reads, out 
the charge for the thus' specified -service from a list 
prestored in -a memory of -the telephone controller. 
14 or accesses the' communication, network; 3. and . 
receives the necessary service charge information 
via the network interface 15* from the communica T 
tion network 3 or a service center (not shown). The 
IC card terminal 2 compares the charge for .the 
service (hereinafter referred to as a service- charge) 
v and the remaining value Vand. when the latter is 
larger than' the former, the -IC- card terminal 2. 
begins to provide the specified service. For exam-. 
pie. in the case of a telephone service, when the 
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value V is :• 10: yen-son more* jthe.JQ card terminal; 2 ,h v - : 
provides a-prompt/on the;display 13,for : iQput.qf.the.:. , .. , 
telephone number: of; a. subscriber. tq.b^,caJled,and ( 1 
originates a calr as -the. user. dials the nurnber. . n ... 

In the above-, when, any one of. the,- digital . . : ..5 . 
signatures is- found, invalid through- .verification, the ; 
IC card terminal 2- stops processing,. at-. that point., ; ; , 
and ejects or returns the 1.0 card 6 to..the : u?er. . 

After '"completion of the service. : >o.r. call, ..the. . ■., 
telephone controller 14 of the .IC card, terminal 2 (a.- . .;q .. 
remaining ' value updating part -2D in Fig. ..5B), sub- , : ,, 
tracts the 'servrce' charge v--prestored .in Jhe ,mern- , v ( . 
ory of the telephone controller 14-icm- transmitted,- .. llj0 
from the rcommunication netwprk. 3 or service -cen- ... 
ter-from the remaining value V- to .obtain a pew. .,^5,.. 
remaining .value V' ; afterwhich the telephone con- 
troller 14 'creates, in, its digital, signature creating . i; ... ... 

part 2B. -a 'terminal .digital signature ST.{V7IDU) for. , , ? . 
the value V and the card identification number IDU, . 
through use of the: terminal private keys pJ,and,qT. ; . <• 20.. 
Then the IC card* terminal. 2 sends the value V: and : : , , 
the digital signature ST(V'*IDU) to the IC card 6 ( .y / . ( . 

The IC'iCard 6 verifies • the .received, digital sig-,. ; . 
nature ST(V^IDU) by the ; public key nT in the, .. . ; 
verifying' part* 6A<'and, if it is: valid, . records v f the,. 25 . 
remaining value V and the other,ipieces of informa- .. 
tion nT. IDT. 'SA(nnDT) and ST(VriDU) received 
from the IC card terminal 2, 'as card usage. informa- :; . # . . :< t 
tion. in 'the ' usage -. information : area ..6M 2 . .of .the . 
EEPROM 64-, erasing the previous ; card usage in- 
formation.- That * is-, the ; card usage r ,information„, in 
the usage information- area 6IM2 is' updated , as 
indicated by ihe^arrow in Fig. 5. , . : . .. . 

It is also possible to employ a configuration in. 
which in the case of updating the, usage information^ 
area 6M 2 in the ^EEPROM 64 of the , IC. card 6 : >yith 
the current icard usage, information including .the, 
new remaining value V received from the IC card 
terminal 2. the current 'remaining value V is com- 
pared with ?the previous., remaining value V in . the 
usage information area 6M?,,.and if the latter, is 
greater' than the former-, then the new remaining 
value V is regarded as abnormal or invalid. When 
such an ■ abnormality is detected, the usage in- 
formation area 1 6M 2 of the.lC card 6 is not updated 
but instead a code . representing the abnormality 
detection is-wr.tten into the IC card 6 to prevent its, 
further'Mjse.-This ensures to prevent the remaining 
value of'the IC card 6 from being raised by altering 
the IC card terminal 2. Upon completion of- the 
updating ■ of 'the usage information area 6M 2 , an . . . 
authenticatron-'information (OK) representing, , it is 
sent to* the* IC card terminal 2. . £ 

In' this'i embodiment, when . either pne of the 
digitarsighatures. SA and* ST is abnormal, the re- 55 
maining 'value- is not updated but instead the ab-.. 
normal contems of. the IC. card are recprded in a . 
code form;-' *i ■■ *:■ .• ; .•)-• -.- 
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Since the IC, card 6. and the IC card terminal 2 
'transmit to and receive from 'each other 'their iden- 
tification numbers appended' with the master digital 
signature of the management 'center as mentioned 
above, even t if the transmitted and ree'eived con- 
tents are falsified by altering the IC'card'6 or IC 
card terminal' 2, the abuse* cari'be detected by the 
verification of the, digital signature at" the receiving- 
side. Moreover, .even If the contents of the IC card 
could be. copied to another IC card using a stolen ■' 
IC card terminal, the falsification ' of the master 
digital signature of the management! center for the 
card identification number is sd' difficult that there 
is no choice but to copy it; hence,' such' a copy can 
be ^checked by acquiring data of the abused IC 
card. 

In Fig. 6 there are shoWv procedures for pro- 
viding increased security against wire tapping of 
communication between the I'C card 6 and 1 trie IC 
card terminal 2 through use of random numbers in 
the procedure of sending the remaining" value V 
from the former to the latter. 

When the IC card terminal 2 recognizes' the 
validity of the IC card 6 inserted thereinto;' by : 
verifying the master digital signature SA(nUiDU) 
received from the IC card '6 as described above 
with respect to Fig. 5, the IC card ' terminal' 2 
generates a random number R in ! a random gen- 
erating part 2C (Fig. 5B), cind sends it to the IC* card 
6 together with the. pieces of information nT; 'IDT ' 
and SA(nT'IDT). The IC card 6 verifiesthe master 
digital signature SA(nTMDT) by the : master public" 
key nA and the received "pieces of information nT 
and IDT'. When the master di^itarsigriature is valid, 
the IC card 6 generates : a random number X- in 'a 
random generating part 6C (Fig! 5A) and creates' a 
digital signature SU(R">CV) of the IC card 6 for the 
random' number R, the random number X and the 
remaining' value \/ by use of the- card secret keys 
pU and .qU and then : sends the ; thus created digital - 
signature to the IC card terminal' 2 together with' the 
random 'number X and the pieces of card usage 
information V, SA(V*lD(J)" and IDC readout of the 
usage information area 6M 2 . ' " £ ' ' 

The JC card 'terminal 2 checks' the' master 
digital signature SA(VIDU) to' ensure' that -the re- J 
maining value V was provided from a' vaiib 'terminal 
(including an IC card dispenser); to the IC card : 6. 
Furthermore, the'lC card terminal" 2' verifies' the 
digital, signature SU(R'X'V) through' use of this re- 
ceived X, V, the card public key nil and the pre- 
viously generated' random number R to ensure that 
the remaining value V is one that was received 
from the '.valid IC card 6. Then tHe'lC card terminal 
2 permits the start of the 5 service specified by the 
card user. 

Upon completion of 'the- service, the IC xard 
terminal 2 generates a digital' signature ST- 
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(R'X'V'MDU) for a new remaining' value V'! the card ' 
identification number IDU and the random numbers 
R and X and sends it to the IC'card 6 together with 
the new remaining valued*. The" tC card 6 verifies"'' 
the digital, signature 'ST-tR'X^V^iDU) by the pieces '* 
of information IDU, R, X, V and nT to ensure that 1 ! 
the remaining value V 1 is valid, thereafter updating ' '' 
the usage information area 6M 2 with all' the pie : ces 
of information received from the'lC card terminal 2. 

With such a configuration, the random numbers 
R and X take different values for each use of the IC ' 
card, and consequently, the digital signatures SU 
and ST also change. Hence, even if an outsider : 
intercept signals between the IC card 6 and the IC 
card terminal 2 and sends to the latter the same- 
signals as those' intercepted without using 'any IC 
card, the .signals dp not match because of different 
random numbers; , therefore, wrong' manipulation 
can be prevented. Moreover^ even if the inter- 
cepted signals are sent^by* some means to the IC 
card 6 in the.'process o\ 'updating the' remaining 
value, the signals do } not match, and' hence such- 
wrong manipulation can be prevented. 

Fig. 7 shows' procedures which provide in- 
creased security, through use of random numbers' 
at the time, of writing' the prepaid value intb the IC 
card 6 when.it is initially' issued or recharged. It is 
assumed hero that the IC card dispenser 5 and the 
management center 4 are connected online 'as 
shown in Fig.^ 1 . 

When. inserted into, the iC card dispenser 5, the " 
IC card 6 sends thereto the card'public key nU ; the 
card identification number IDU and the master digi- " 
tal signature. SA(nUiQU). The id card ' dispenser 5 " V: 
verifies the validity of. the master digital signature* 
SA(nU*IDU) by the master public key nA to ensure 
that the. .IC. carcj .is valid. Then the IC card dis- 
penser 5, generates a random number Y and sends 
it to the iC card 6 together with the amount in- 
formation, V and the dispenser ' identification num- 
ber IDC.' ', ( " ' ' 

The. IC ; card 6. in turn, generates' the'Vahdbm 
number X and. then generates a digital signature 
SU(Y*X"V)' for the randonn numbers" Y and X and 
the ampunHnformation V. thereafter sending it to' 
the IC card dispenser\fe together with the random 
number X. _ , 

The IC card dispenser 5 verifies,' in turn. ' the 
digital signature SU(Y ; X*V) by the card' public key 
nU and. if it js valid, transmits the random numbers 
X and Y, the amount information V and the 'card 
identificaton number IDU to the management cen- 
ter 4. ' [ '. . ; " ; 

The management center 4 generates a master 
digital signature SA(Y*X*V'IDU) for these pieces of 
information received from the IC bard dispenser 5 ' 
and transmits it therethrough to the" IC card '6. The 
IC card 6 recognizes the validity of the manage- 
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ment center 4 through Verification ^of the,m^5ter ; , 
digital signature SA(YOOV*IDU) by the;. master pub^.. 
■ lie key nA^and-'recordsr-the entire [.information -re^ , 
ceiveb from 'the IC card dispenser : 5 in the.usage 
information area'6M 2 in the memory 64. , , , f: 

Incidentally! the IC card dispenser 5 may be. of 
a configuration wherein : it does not perform the 
" verification processing ■ but only reads and writes 
'data into the IC card 6. In such an instance, the IC 
card dispenser '5' functions only as a. relay for : the ■ 
respective "information,, and.the verification, of, digital., 
signatures and the . generation of the random- num- 
ber are preformed by: the -management- center 4. , 
Fig. 8 shows procedures for setting a secret 
key which is used not only to encrypt the contents 
of communication at the- transmitting side but, alsp . 
to decrypt them at the receiving sidei, so ..as to ; 
prevent the information from being stolen or fa!- • 
sified on the communication path between the 
: management center 4, the IC card terminal 2, the 
: IC card 6 and 4he IC card dispenser 5 which are 
each located at a place remote from the others and 
transmit information thereto using a ^communication 
procedure. s -.. 

The -management .center 4 has ; an encrypting 
function E for cipher communication, a-,tempor.ary 
common key Ktenhp .and a. common key.KO for;;, 
encryption ■ use, and- a. key ^creating master. ( key KA 
for deriving encrypting';ke.ys KT and KU for ciphpr 
communication from-: specific information such as 
terminal- and card identification numbers IDT and. 
IDU. In^'this ■ case, it . is* possible, to . use, as the 
encryptih'g function E. an algorithm: FEAL disclosed 
in- > "Fast • data 'encipherment. algorithm FEAL," 
IECEJ Technical - Report IT 86-33 (1.986), for in- 
stance. ! The encipherment of. the document' M by,, 
the key K'will be indicatedrby EK {M.} , 

The IC card terminal 2, has the-temporary com- 
mon key Ktemp recorded in its memory when it. 
was manufactured, and when iUs installed. it-re r 
ceives the encrypting terminal key-. KT and the. 
common' key KO by a cipher- communication using 
the temporary common key Ktemp and records 
these keys KO and <KT ,tn -.the memory. Thereafter, 
the transmission and reception of signals between 
the management center 4 and rtheIC card terminal 
2, described previously in conjunction with Fig. 4A, 
are carried out by cipher •communication using the^ 
key KT inherent to the terminal 2. ■ • 

The IC card 6 .has the temporary common key. 
Ktemp recorded in its memory when it was fab- 
ricated, and when 'it is issued, it receives the en- 
crypting key KU and the common key KO via the 
IC card dispenser 5 and records these, keys KU 
and KO in : the ' memory. -The encrypting key KU is 
generated from the card identification number IDU 
under the master key KA*. 
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The key KU may be delivered from the man- 
agement ce'nteP'^td the ' <IC card dispenser 5 to-...-. 
gether with :: the' freely of data nAv' IDU, ♦ .:. ^wftjsn.. y- 
they are "delivered as described (previously:. ..with\.- 
respect to Fig-. 5B. After 'this, the transmission and . : 
reception of signals between the IGxard.6 :arj,d th^ , 
IC card dispenser 5 described previously- io,.re-.\ 
spect of Figs. 4B and 4C are performed- :by .ciper, . 
communication using : the key KU inherent- to the. 
card 6. ' ' ;.<••. * 

On the other hand, ; the> transmission and recep- 
tion of signals between the IC'card terminal 2 and 
the IC card- 6 : shown in Figs. .5. and 6 are carried. • 
out by cipher communication, usingithe common , 
key KO. : - * .' : • ■ -• •'■ < : • 

In the* case -where the: ic card 'dispenser 5 and . 
the management center 4 are connected online as : - 
described 'previously* 1 with reference -to Fig. 7, ! the 
transmission of the card identification number*. IDU- 
from the IC card' 6 to the management center 4, 
enables the latter -to derive the key KU from; the-., 
card identification number IDU by use of : the; mas- 
ter secret tfey - KA; therefore, it is possible to pro- . 
vide increased security by using the encrypting : 
key KU inherent to the card, in place of the com-,, 
mon key KO. for writing ' the prepaid, amounWnto . 
the card or* recharging it. * ■ ( 

While the foregoing description -has been given , 
on the assumption that the IG card dispenser 5 and 
the management center -4 are > located. a,t different 
places, tfiey" may 'be 5 formed as- a unitary .structure-., 
with each f other,' and it is : also 1 -.possible to enclose , 
the IC card dispenser 5 and the IC card ..terminal 2, 
in the same -housing 1 . Moreover, in the. cases .of;, 
transmitting' the terminal - secret; 'keys .pT and q-J, 
from the' managerhenU center .4 to ,,the JC t card 
terminal' 2 arid* transmitting the card: secret keys, pU 
and qU from the IC ca ! r<i. dispenser 5 to.the.lC card 
6, security can be' further- increased .by transmitting 
the keys together with the master digital signature 
of the management center 4 and by verifying the . 
signature at the receiving side.' 

According to the embodiments of Figs. 5 and, . 
6, since 'the : IC card 6 and the IC card terminal 2 
each transmit the -identification number and the. 
public key to the other together with ahe master 
digitai signature' of the management center 4, even, 
if the contents of communication are falsified by, 
for example, forcing the IC card terminal 2. open, 
the falsification can be detected by verifying; -the 
master digital' 'signature of the management center- 
4 at the receiving side. Furthermore, even if the 
contents' of 'the IC card 6 could- be copied to 
another IC card by a stolen IC card terminal, .for. 
instanced the -falsification of the master digital sig-- 
nature of the management center 4 is so difficult 
that there 1 is ho choice but to copy it intact; there T 
fore, the copy could be checked by acquiring data 
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of the IC card used. 

Beside.s, -it is impossible to issue an IC c ? r d. 
^equivalent to .a .normal or valid one by altering a 
jstolen IC card terminal or. through use of a personal 
computer and.ao j'C card -reader unless, the master" 
.secret key .for . generating the master digital signa- 
ture of the. management center, placed under strict 
-supervision, is.known. ,ln addition, since' the validity 
of the IC card and. the IC card terminal is verified 
by the identification number appended with the 
master digital. .signature of the management center 
.4 as referred to above, the IC card terminal .2 does 
not need to inquire of the management center 4 
about the validity of the IC card 6 prior to or during 
the service being rendered. 

Turning next, to Fig. 9, a description' will be 
given of an embodiment of the invention improved" 
from the Fig. .6 embodiment applied to the prepaid 
card system. As in the Fig. 6 embodiment, the' IC 
card system, each IC card terminal and the IC card 
are basically identical in' configuration witn those 
shown in Figs. 1, 2 and 3,, except that the IC card ' 
terminals , 2a. 2b, ..... each have a list of invalid IC 
card identification numbers IDU1, IDU2. prestor- ' 
ed in a memory area 2M 2 of. its internal RAM as 
described later on. The invalid identification num- 
ber list is written into, the memory area 2M 2 by a 
down load from the management center 4, for 
instance, when the IC card terminal 2 is installed/ 
and thereafter .the .list is updated by the manage 1 *' 
ment center 4 as required. * ' . . ' 

Fig. ...9 shows processing for the card user to 
receive .his desired service at the IC card terminal" 
2b different from that 2a used previously. The 
pieces of information or data p^estored in the card 
information area*6Mi of the EEPROIvI 64 of the' IC 
card 6 and in the terminal information area 2M, of 
the RAM in . "the telephone controller' 1 4 of the'lC 
card terminal 2b are the same a? in the case of the 
Fig. 6 embodiment. In thi 4 s case, however, symbols 
representing pieces of information or data ihherent 
to the respective IC card terminals 2a and 2b will 
be identified, by superscripts "a" and "b*\ ^respec- 
tively. In the. usage information area 6M 2 of the 
memory , 64 of the IC card 6 there is retained the 
previous usage information, which includes the re- 
maining .value V, the terminal identificati on number 
lDT a ,the terminal public key hT a , the random num- 
bers R a and X, ,.the, master digitai signature SA- 
(nT a *IDT a ) and the terminal digital 'signature ST- 
(R^X'V'IDT 3 )., received from the IC card terminal' 2a 
used previously as described . in connection with 
Fig. 6, The IC card .terminal 2b has the afore- 
mentioned list of invalid card identification numbers 
IDU1 , JDU2, .... in another area 2M 2 of the memory. 

. When inserted into the IC "card terminal 2b 
different from that used previously, the I C card 6 
sends thereto the card identification number I'DO, 
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the card public key nU' arid fhe w Vn"aster\digitar 
signature SAfnUIDU). The ' IC card terminal '2b 
matches the received card identification number 
IDU with the list of the ' invalid card identi'ficatibn' 1 
numbers prestored in the memory area 2M 2 'and, * : 
when no match'is detected', the IC card terminal 2b 
verifies the master digital signature t SA(nU"IDU): 'If -'. 
this signature is valid, the IC card' terminal' 2b ; ,l 
generates a random number R b 'and : sehds it to' the • 
IC card 6 together with a 'terminal public key nT b , a " 
terminal identification number IDU b and a master ' 
digital signature SA(nT b "IDT b ). 

The IC card 6 verifies the master digital signa- 
ture SA(nT b *IDT b ) and,' if it is valid, generates a 
random number. X' and a card digital signature SU : 
(R b *X'~V') for the random numbers R b and'X' and 
the remaining value V and sends them to the IC 
card terminal .2b .together with the pieces of the 
previous card usage information, or data R a , X, 
IDT 3 , nT a ! ST a (R a 'X"V';ipU) 'and SA(nT a *IDT a ). 

The IC card terminal 2b verifies the cardtligital 
signature SU(R b ~X''V'), and the terminal digital sig- 
nature ST a (R a *>CV'*IDU) and the master digital sig- 
nature SA.(nT a *IDT a ) of the previous card usage 
information all received from the IC card 6.' When 
all the digital . signatures are valid, the IC card 
terminal. 2b displays, the remaining value V and "a 
guidance or .prompt^ on the display 13. The user 
specifies his' desired service by pressing function 
buttons . 12 and receives the service. Upon comple- 
tion of the servtce. the IC card terminal 2b creates 
a new remaining value \)/' and a terminal digital 
signature ST^R^X'AriDU) and' sends .them to. the 

IC card 6..' ...... , ...... 

The. IC card 6 verifies .the terminal' digital signa- 
ture received from the IC card terminal 2b and, if it 
is valid,. then updates, the usage Information area 
6M 2 with all 'the pieces of information received 
from the I C, card terminal 2b and sends thereto an 
authentication signal OK. On the other hand, t'he IC ' 
card terminal :2b then generates usage manage- 
ment information h from the card identification 
number-IDU., the random numbers* R a 'and X. the" 
terminal. identification number IDT° and the remain- 
der value „.y\ received from .'the IC card 6 and. 
tempor.a^ily.'.records them ifi another area 2M 3 of 
the RAM in!!jthe telephone controller i 4, together 
with the., card identification' number IDU. In this 
case, the usage' management information h may be 
a numerical sequence composed ; of. for instance, 
IDU, R a , X lDT a and^V, or its data-compressed 
version, by a hash function. ; 

The card identification number and the data, of 
usage information stored, in the IC card terminal 2b 
are sent to the management' center 4 at' proper 
time intervals, for .example; every day. In the 
database 4D in the management. center 4 there are 
registered card identification numbers (iDOo, IDUi . 
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IDU2. ...) •and iC Card usage management infermao'. 
tion (hoi. hc2. h 0 3 for IDUo, for example) received 
so far. Upon newly receiving a card .identification /. 
number and^usage management information, the 
management'eenter^ first retrieves the card iden- 
tification number. When the" same card identifica- 
tion number Vs '-not found- the card identification 
number ahdthe! accompanying usage management- 
information received from the IC card terminal 2b. 
are newly registered: "When the same card, iden- 
tification number is found, the usage management 
information of the card identification number . al- 
ready registered ; and the usage management in- . 
formation : - newly' ' received ' are compared and 
checked to see ! if they are the same. If not, the 
latter is additionally registered -as- new usage man- . 
agement information. If the same usage .manage- 
ment information is found, then the cardMdentifica^ \ ■■ 
tion number is- registered in the invalid card list 4L 

(as IDUico)- ' ' 

When having registered the card' identification 
number in the invalid card list 4L, the management 
center 4 calls all of the IC card -terminals 2 and. . 
transmits the' registered card identification number 
to the IC card terminals 2, wherein it is additionally 
registered in the invalid card identification number • 
list of the 1 memory area ; 2M 2 . Hence, when-the IC 
card of "that card identification number .is used, j.t 
can be decided to be-abnormai by 'checking its , 
card identification number and itstfsexan be inhib- 
ited. By constructing the management center 4 so 
that upon 'registration of- the card identification 
number in the invalid card list ■ 4 L, all, pieces of data 
of that 'card identification number v in- the. database 
4D are " erased, ' the data retrieval time ; can _ be , 
reduced ' Moreover, by constructing : th6 IC card 
terminal 2 so that it stores new remaining, value 
information as well as the card identification num- ; 
ber and the usage/management information and 
transmits the hew remaining value information to 
the management center 4 together .with the us- 
age/management ; information and by providing a 
database of remaining value -information corre- 
sponding to each card identfication, the remaining 
value information can be used to specify the re- 
maining value, for example, when the data of the IC, 
card 6 is destroyed.' : ' 

As will be seen from comparison of Figs. 4C 
and 7 witrr Figs. 5, 6 and 9,' although in the above 
the IC card 6 -does not initially have, for example, 
the digital signature ST(R*X*V*IDU) and the termi- 
nal public keynT of the IC card terminal 2 in .the 
usage information area 6M 2 of the EEPROM 64, it 
is a matter' of course that if initial values cor- 
responding to them are recorded in the initial state 
as well, the usarge/mahagemenr information- can- be 
generated from the beginning of the use of the IC 
card and the whole usage/management information 
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can be heW r urvder;.the^,cQntroi ol the managqnu^t, i.;-* 
center 4. : -.-v r * ' '• •■ • : •.. • . r»> rt'-i: 

While'in }r the abbve the IQ card. 6 and 0 the.,lp, . - - 
card terminal 2 are configured so that, they have^-in t . 
their card information ' areas 6M- . and' terminal ;in T . t 5 ... 
formation area' 2M! . the secret -keys ; pU, .qU n an,d •.,,,-,},. 
pT, qT for generating digital .signatures,, and the., 
public keys nU and nT for them, respectively,, and . ; . r , 
transmit desired- pieces of information! .together^ with .. 
the digital signatures, it is also., possible to. omit .. w- 
such a function, to simplify the processing o.f.thq IC 
card system. •■■ - 

Also it is possiblerto omit, either .one of. the 
random number R?,-and X although security., der 
creases. Conversely, . by prestoring .algorithms for . 75.~:. 
encipherment of -information to be transmitted, and :r . i 
a common:key :for<encipherment and- decipherment 
in memories ' of the IC card-. 6 and the |C card : . (l ^ Ji . 
terminal .2, » the- ? mutual communication -. .between . .. r , : 
thern can be made by cipher communication, to : , ?o , 
provide further increased security. . - ' : •• . . . - * .< 

As described above, according to the Fig. 9 
embodiment, sinceparticular card information num : ( rj 
bers are^registered ,in- the card identification num-. . t , it> 
ber list of'the^C card terminal. 2,. it- is pos.sibl.e to . , 25 
inhibit the 'use 'Of- IC cards of • the registered card. ..; , 
identification numbers. Furthermore,, when,, the IC - .. 
card 6 is used, -at least- the terminal identification .. . , 
number -identifying the: IC terminal used and , the . . 
random number' generated - by .at i.east one of :the t .lC , : 3.0 , 
card 6 andUheMC card terminal -2 are registered as,.. >is 
previous information inithe IC card 6, and when the ; 
IC card 6 is used next, at least the card identifier. fj ... 
tion number and usage, management, information .. .. 
derived from . the • card identification num.ber. .the .,,. 35^ 
remaining value before .updating and tbe. previous u , 
information- • are registered, and .supervised in the 
management center as: information for specifying 
the initial state of the IC card 6 only in the case of 
updating the remaining value information., When the 40.. 
card identification ■ number and the us- 
age-management information of the currently used 
IC card 6 -match those Already registered, the card. , 
identification number is registered as abnormal m . 
the card identification number list of the IC card #5. 
terminal 2. by which it is possible to inhibit further 
use of the IC card 6 of the same card identification ■ 
number as that registered- 
Referring next to Fig.j\10, another embodiment 
of the present invention will: be described .as being • so 
applied to a prepaid card'sy stem. •»•.., 

Fig.- 10 shows' procedures for the payment of, . . 
charges by the IC card 6i in an improved version.-of 
the Fig. ; 5 embodiment. As jin the Fig. 5 emboqi: 
ment, the IC card: system. ithe. lC card terminal 2 ,55 
and the ICcard 6 are-basicaiiy identical in configu- 
ration with those depicted in Figs. ,1.2 and 3 : .In . 
this instance/ however, the IC card tenminai 2 has 



in the ROM of the., telephone controller a program 
which executes an algorithm 'for updating f a . tim'e 
stamp as , described, JateV oh. For example, the 
afore-noted FEAL can be. used as the algorithm for 
updating the time, stamp. ^ 

The initial . value. tSo of ' the. time stamp TS t 
may be recorded in a memory area 2Md of the 
RAM in the,, telephone controller 14 after being 
received from the. management center 4 via the 
communication network 3 when the IC^ card termi-. 
nal 2 is installed; alternatively," it may also be 
preset in the memory area 2M 2 qf the RAM in the 
telephone, controller 14 when the IC card terminal '2 
is fabricated. Update information t is initialized to a 
"0". for instance, and jt .is incremented by 1 upon 
each updating /the time stamp TS t . In the RAM 'cW ' 
the telephone controller 14 "there is' provided a 
terminal list area 2Ms for registering a list of termi- 
nal identification numbers IDT of stolen or similarly 1 
troubled IC card -terminals, initial values TS 0 of the 
time stamp corresponding lo them and the update 
information' t at the time when each" trouble was 
found. "... 

In the configuration of Figs. 1 .'through 3, the 
terminal identification number IDT, the initial value' 
TSo of the" time stamp and the update; information t 
set in each I C card 'terminal 2 are registered in the 
management center. 4. The time stamp v TS, set in 
the respective IC card terminal 2 is independently " 
updated by its internal timer from the ihitial value* 
TSo, for example, every day under a predeter- '■ 
mined algorithm; namely, the .time stamp is' re- 
placed with a new time stamp in a sequential order 
[TSo — TSi ' — TS 2 — TS, ...], and thus the 
previous time stamps disappear one after another. 
The updating of the time stamp need hot always 
be periodic but may also be periodic Upon' each 
updating of the time stamp, the numberof updates 
(i.e. the update information or data) t is updated to 
t+ 1. Each time stamp^TS, and the update informal 
tion t need only to. correspond to each other, that' 
is, the time .stamp may be a mere ^symbol' and 

need not be a quantity. ' ' ' !""' 

Upon updating the update information f. the IC' 
card terminal 2 automatically calls the management 
center 4 anp! transmits thereto' the terminal ' iden- 
tification number and the renewed' update ihform'a- ' 
tion. The management center 4 replaces the re- 
ceived update information t for' the pYeregistered 
update .information t of the corresponding terminal' 
identification number IDT. Incidentally'. 'it .is neces- 
sary to utilize, for updating the time stamp TS t . an 
algorithm which generates the succeeding time 
stamp TS,/, from the current time stamp TS, un- 
der an encryption algorithm E using an encrypting 
key K, as exemplified in Fig. 1 1 , to thereby prevent 
the previous , time stamp from generation, the 
afore-noted algorithm FEAL, for instance, can 'be 
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used as such ^an algorithm. The; initial value TSp. ,of 
the time stamp registered} in*. the management cen- 
ter 4 is 'not updated.. In such, -a .s.tate, ..when ,.the IC, ,. ...... 

card terminal 2 is stolen, the management center^ !; 
is capable of detecting, from the .terminal identifier 5 . 
tion number IDT of the stolen .IC card> terminal 2,,.., . uy 
the initial, value TSo .ot:the ; time stamp pf the stolen ,:. ; ... 
IC card terminal. 2 and the update information t pf , 
the time .stamp at the time when the t )C pard ., v ,., 
terminal 2 was stolen. These pieces of information ,io 
or data are registered in the terminal list of all IC 
card terminals- 2 by a down; load from the manage- 
ment center 4. . =• '*.-.-r 

Fig. 10 is -explanatory of the processing for the. , .; 
user to- receive his desired service at the IC card , rs 
terminal 2b through use of the IC card. 6. In the Fig, . 
10 embodiment; however, the IC card. 6 side has ; . : 
no digital signature generating function.- ln,the card . 
information area 6Mi of theEEPROM 64. of ; the IC . 
card 6 there aire stored ^the master public key nA; . .20 
the card identification number ID.U and the master -.:».. 
digital signature. SA(IDU) and in. the, usage informa- r „ 
tion area 6M 2 'there are stored the remaining : valuev : ; 
V, the terminaridehtification number IDT?, .the ter- ; . 
minal public key nT a * the- update information ,tf, the -j 23 
terminal digital signature ST a (TS?,), .for the time. -. . 
stamp TS a , and- the master-.digitah signature -SA-. - 
(nT a MDT a ) which arc-". the card., usage, information .. . 
received • from the IC card terminal, ,2a previously, w ; 
used. -In this^ example the master digital: signature 30 
SA(IDUy held' in- the ■ I C -card. • 6 is'Show.n to be;, a, . , : 
master digital signature: for only the ..identification 
number of the IC card, but it is^also possible tc : .use . ; 
a master digital signature SA(IDU'mU) for the con- , 
catenation of the identification number 1DU and , :35 
predetermined information mU. ■ 

In the 'terminal information area 2Mr of the -•> = y 
RAM in the telephone controller 14 of the IC card 
terminal 2b'there are stored- the terminal identsfica- . .. , 
tion number ; IDT b . the terminal secret keys pT andi 40 
C|T for -creating- the -digital signature, the terminal. . 
puolickey nT b; . the master public key- nA and the 
master digital signature-. -SA(IDT b *nT b ) and in an- --. 
other predetermined area 2fvV there are recorded , 
the latest , "time'Stamp' TS b t .and the update informa- .^5 
tion t b "of* the IC terminal- 2b. In. still another area, 
2M 5 of the-RAM im the IC card terminal 2b : there • . r ,._ 
are recorded, as. a table; terminal identification .... 

numbers IDT j , IDT\ ... o^stolen or. similarly trou- 
bled ' IC "card terminals, their time . stamps; TS J o, .50 
TSS, '... and update information t', t k . ... at the- ,-.= 

points' when they were found, , which are- provided 
from the management center 4. ' - ■ v 

When inserted into the IC card reader/writer M , 
of the' IC card' terminal- 2b, -.the. IC card- 6 sends .55 
thereto the identification number IDU-and the mas- . 
ter digital signature SA(IDU) as in the embodiments - . 
described above. The IC card terminal 2b verifies 



the received . master digital signature. SA{fDU)/bV 7 
the master public key,! nA arid, if it! is valid; 'then _ 
sends the. identification .number IDT b . the terminal' 1 
public key nf b ancl the master digital : sighature ; SA- 
(IDT b mT b ) of .the IC card terminal 2b itself to'the IC 
card 6. Then. the'.IC card 6 verifies the' validity of 
the received master digital signature SA(IDT b 'nT b ) ' 
by the master' public key nA. the process per- 
formed so far is the same 'as in the embodiment of 
Fig. 5. . ( . . 

When .the master digital signature SA(IDT b, nT b ) 
is valid.. the IC card 6 sends pieces of the previous 
card usage information V, IDT a , f t fl . nT a , 'STMTS',) 
and SA(nT a :iDT a ^ to the !C card terminal 2b\ the IC 
card terminal 2b matches 'the received eard' iden- 
tification number ID J" with each piece of the data 
IDT j : IDT k , ... in the troubled terminal list and, : when J 
they do not match, displays, remaining 1 value V and - 
a guidance, or prompt on the display 13. When "the 
user specifies his desired service by pressing the 
function pultons 12 while refemng to "the guidance' 
displayed on the display \3, the IC card terminal 
2b reads/out the charge v fpr the specified service 
from a list pr.estored in a' memory of the' telephone 
controller 14 or receives the charge v frohh the : 
service, center (not shown) via, the conhmunicatibh 
network. 3. Then the IC card terminal 2b compares 
the charge v and the rcrnaining value V and starts - 
to provide the specified service when the'remaining ; 
value }J is larger thVn the service charge v. Upon 
completion ; of the service'; the IC* card term in at 2b 
subtracts the service charge v. from the; remaining 
value- V to obtain a new remainder 1 value V' ; and 
-generates a digital signature' ST b, (tS b t ) for the cur- ; 
rent time stamp TS b t by the terminal secret' or : ' 
private keys pt b and qt b /and sends Vt to the IC 
card 6. together with the pieces of data V and t b . 
The IC card 6 updates the usage information area 
6M 2 in the EEPROM 64 with all the pieces of 
information received from the lp' card terminal 2b 
together with the remaining value V'. ' 

In the above processing, when the terminal 
identification number ,IDT b sent to the IC card ter'- 
minai 2b .matches with any one of those in the - 
troubled terminal list, the following processing is 
performed. 

(1), Let IDTj represent the terminal identification 
number in the list that matched the terminal 1 
identification number lDT b sent to the IC card 
terminal 2b. The initial value TS'o of the time 
stamp corresponding to the terminal identifica- 
tion number IDT is recursively calculated' by 
the number of. updating of the update informa- 
tion t a received frorn the IC card 6 under the 
algorithm of Fig. 11 registered as a. prog ram of 
the IC card terminal 2b, and the time, stamp TS\ 
corresponding to the. update information t a is 
obtained as follows: 
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(2) t6$} IC card .term irial 2p verifies the valiBUy 
of the. 'signature 'ST a (TS d ,) r by 'the' time starH'p' 3 
TS j t obtained, by the above' calculation 'arid the' 
public key. nf a received from the J C" card 6.'. . ' 

(3) When the digital, signature is not valid.' the IC 
card terminal 2b decides' that" the V 1Q card is 
abnormal .or invalid and.,stops further process- \ 
ing, then ejecting or' returning the IC card 6 to 
the user. 

(4) When the digital signature is valid, the IC 
card terminal 2b compares update information t j " 
corresponding to the above-noted terminal iden- 
tification number IDT j in. the troubled terminal list 
and the update information t* received from the 
IC Cfarrj. 6. ( : , . ' T " 

(5) yVhen ;t°. ^ tf.the 'update' information t a ts/ v 
judged as update, information generated' before' 
the pieces of data' IDT*. TS j c and t j were regis- 
tered in the terminal list; that is, the IC card 6'i's 
judged to be an ,IC card whose card usage 
information (terminal identification number IDT j , 
update information t j , public key n'T and digital- 
ly-signed Jime. stamp ST'^TS^)) in the usage ' 
informatiqn area 6M 2 had been updated' by 1 a" 
stolen. IC card .terminal 2j. (riot shown) of the : 
identification number IDT* before it was "ptblen'.' 
As -the. result of this, the IC card terminal 2b '* 
reqards the'lC card 6 as valid and perfbrms'trV ' 
subsequent processing accordingly. 

(6) . ,WI?en .t a > t 1 . the update information t a is 
judged as update information generated after - 
the, pieces of .data^ipT'TS^o and" t j Were regis- 
tered, in the troubled jerminai list; that 'is,' the IC " 
card 6. is judged'" to, be an IC' card whose card' Jt 
usage, information was updated by the'lC card - 
terminal 2\ of the identification number IDP after ' 
it had been stolen. As the result of this, the IC 
card terminal 2b regards the IC card B as invalid 
and-, discontinues the.process and ejects or de- 
tains the IC cards .in the IC card terminal 2b. 

Fig. 12 illustrates, another embodiment' of the 1 
invention which provides further increased security 5 
through, use of random numbers in the Fig.' 10 
embodiment as in Fig. 6. In a .ROM 61 of the' IC 
card 6 there are recorded ah algorithm for generat- ' 
ing the digital signature and an algorithm for gen-' 
eratingjhe random numbers. In the card' informa- 
tion area 6M, in the. EEPROM 64 of the IC card 6 
there are stored the information in the card' in- 
formation area 6Mi in Fig. 10, together with the" 
card secret keys pU and qU and the public key hU * 
for the verification of the' digital signature. In this 
case, however, the master digital' signature used is 
SA(IDlTn.U). In the usage information area 6M- in-' 
the EEPROM 64 there, arb held all pieces of' card 
usage information received 'from the previously 
used IC card 'terminal 2a,' that is. t'He terminal" 
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identification number IDT a , the public key nT a , the 
master digital 1 signature' SA(nT a ~IDT a )- for them, the 
update information 5t°; -the 'Yahctom. number R a , the 
previously ' generated - random ' -number < X,. a first 
digital signature S^T a (R a *X'V=IDU) = S a generated 
by : the previously "used tCciard terminal >-2a- for the?: 
random numbers R a arid' X, -the remaining 1 value V 
and the 'card identification numberUDU, and a sec- 
ond digital 1 signature ! ST a (TSyS a ) generated by. the 
previously : used IC card 'terminal 2a for the .first 
digital signature 1 S a and the time stamp TS a t . 

When inserted into the IC card reader/writer 1.1 
of the IC card terminal 1 2b, the IC card . 6 sends 
thereto the card identification number IDU, the pub- 
lic key f 'nU and the master digital signature SA- 
(IDU'nU) as in the case of Fig. 10, and the .10 card 
terminal 2b verifies the master'digital signature SA- 
(IDUYiU) by the -public key nU. When .the; master 
digital signature - is* valid; *he IC card .terminal 2b 
sends the terminal identification' number IDT 6 ,, the, 
public key nT b and the master digital. signature SA- 
(IDT b ^nT b ) to the IC card 6. The IC card 6. .in ..turn, 
verifies the master digital signature SA(IDT b YiT b ) 
and. if valid, sends to the tC-card terminal 2b the < 
pieces of data R a . X; V, IDU, S°; IDT a , t a ,iSA(nT a * 
IDT a ), nt a and ST a (TS a t *S a ) which .are the previous 
card usage information. ! ■ ' : v : ..t"- \ : 

Then" the IC card" terminal 2b verifies the valid- 
ity of the first digital signature S a by thefpublic keyj 
nT a . When the signature S a l is .valid, the IC ^card 
terminal 1 '2b matches the received- terminal iden- 
tification ■ number IDT a . with - data : in . the. troubled- 
terminal' list, and if the former , does « not match : the 
latter, ! -the : IC card terminal 2b generates the .ran-., 
dom number R b and sends- it to -the- IC card 6.. In 
•response to this, "the IC card -6 generates the ran- 
dom number X' and generates a digital- signature 
SU(R br X"V) for the random numbers R b and X* and 
the remaining value V 'by use of the .secret keys pU 
and qU. then sends it' to the IC card terminal 2b 
• together with - the' random number X'- an.d )the. card, 
public key nU. The IC card\.terminali.2b, in .turn, 
checks the* validity of the received- digital signature. 
SU(R b *X"V) by the public key nU also (received 
from 'the IC- card 6. When, the digital signature;. is 
v valid, the IC card terminal 2b displays ,the remain- 
ing value V oh- "the display ?T3 ! and :then -provides a 
predetermined' service. After completion. of-<the;ser- 
vice the IC 'card terminal 2b obtains the- new re- 
maining value V- and generates a first digital signa- t 
ture ST b <R b 'X'~V"IDU)- •= S b . for the random num- 
bers R b and X'. the remaining value V- and the 
card identification number. IDU. by -use of the termi- 
nal secret keys pT b and qT b and, .aUhe same time, 
generates a second digital signature ST b (TS b 'S b ) 
for the time stamp TS b , and the first digital signa? 
ture S b , thereafter sending them to the IC card 6 
together with the new remaining value V and the 
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update information" t b . Trie IC, card 6 check's/ the 
validity of the received first digital' signature $ b by 
the terminal public key ,nT b also received 'from the 
IC terminal 2b and, if it" is, valid, .'then updates the' 
usage information area 6M? with the' whole informa- 
tion received from the IC terminal 2b. Iri 'the' event " 
that the validity of the digital signature cannot be 
verified in the above, the IC card terminal 2b stops 
processing at that point and ejects or returns the IC 
card 2. *' 

In the case, where the. data IDT' that matches 
the data IDT a sent' to the IC card terminal 2b is 
found in the, troubled terminal list, the same pro- 
cess as described previously is performed. In this ( 
embodiment., since. the random numbers B and X, 
generated by : the IC card terminal 2 and the IC ' 
card 6, are utilized jn the transmission and recep- 
tion of information between them, the contents of 
signals will not ever become the same; hence it is 
possible to prevent an abuse using an intercepted 
signal. Moreover, since the IC card 6 and the IC 
card terminal 2 not only conduct mutual verification ( 
of the master/ digital signature but. also .generates 
their own digital signatures and mutually . verify ., 
them, the. system security can be further increased. 

Also in the, embodiment, of Rig. 12, by prestor : 
ing algorithms for encryption and decryption of 
transmission data and common encrypting and de- 
crypting keys .in the memories of the IC "card] 6 and 
the IC card, terminal^, the communication between 
them can, be made by a cipher commuriication- 
-this also provides further increased security. 

As described '.above, according to the embodi- 
ment of Rigs. tfJ and 12, when the .'IC card 6 is 
used, the terminal identification number of the IC 
card terminal 2, used', the public key for verifying 
the digital signature generated by the IC card ter- 
minal 2, the digital signature produced by the IC 
card terminal 2 for the time stamp at the time of 
the use of _ttie .IC. card 6 and update information of' 
the time, stamp,, are recorded as card usage in- 
formation in a predetermined memory area in the 
IC card, b- When , the IC card .6 is used next at a 
different ..IC.xard, terminal 2.^ the IC card 6 sends 
thereto the, card us.age information recorded in the ' 
above-said memory, and' the IC card terminal 2 ' 
specifies the previously . used iC card terminal orV 
tne basis, of the. terminal identification number in 
the card usage information sent from the IC card 6. 
The IC qard terminal 2 matches the specified ter- 
minal number with those registered' in the terminal 
hst in the IC card terminal 2, and. if the specified' ' 
terminal, number matc.hes any one of the registered 
one, then the IC card terminal 2 will read out of the 
terminal list the initial value of . the time stamp 
corresponding to jibe registered terminal nurnber 
and the : update .information also corresponding^ 
thereto. 
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The IC'c^rdlerminal' 2 -updates in e* 'initial valuenc-n: 
of the time stamp by a predetermined "algorithm on.. ] 3 
the basis 'of ; the" update -information- receivetfifromw-nun 
the IC card 6' tb obtain' the time stamp of* the IC - 
card terminal at the' time when its was- used pre- 
viously. The ! IG card terminal- 2 verifies the validity. 
of the digital signature 'for that time stamp by. the 
time stam'p itself- arid the publie key received from ■ ... 
the IC card 6 to ensure that the update information ■ i 
received from \ti&"'\C- card r 6- is valid. When the 
update information is : valid, the IC-card terminal 2 
matches it with* the' pieces of update "information 
recorded in the afore-said terminal list to make a 
check to see if the tim : e of the previous use of the / 
IC card at the IC card terminal 2,' registered rn the ' 
above-mentioned terminal list of 'the IC card 6 goes 
before or comes' after the time' when the terminal - 
number was registered in' the terminal list. If the IC 
card terminal"-? fails to- verify -the Validity of the - 
digital signature, it will judges that the -update in- f 
formation or 'digital signature received from the IC 
card 6 is 'hot' normal or valid information and pro- 
cesses the IC card as an abnormal tor invalid. card. : 
Furthermore'; if the" terminal- identification number, of. 
the IC card terminal 2 is' specified' in the -manage- -j 
ment center 4, the initial value 'of- the-'time 'stamp of 
the IC card terminal -of the specified terminal. iden- - - 
tification 'number and the update information at'that . 
time point can'- b'e -'known ■ and these; pieces. , of tu 
information can be ; registered 'in the terminal listof 
the IC card terminal : 2.'- ' r ' ■ • 1 ' '-' 

Next, a description will be given of an .embodi-,. : i. 
ment wherein the IC card' of the present invention :■ : -< 
is applied to a cre'dit card. In this embodiment -the • 
IC credit care! system to" which the- IC card and the 
IC card terminal' of i; the : present invention are-ap- 
plied has' the ' same configuration as shown 'in Fig. . 
i. The IC card terminals 2a; 2b. perform- the 
verification processing by use ! of the IC oard'6'and ■ 
provide various services. The management center. ■ 
4 holds the charges for the services used by the IC 
card 6. Each IC card terminal -2 stores in its mem-, 
ory the identification numbers of the'lC cards used 
at that 5 terminal and" 1 - the -charge's for 'the services 
rendered and automatically calls the management 
center' 4 at 'regular time 'intervals, for example, 
every day and transmits the stored information 4 to : 
the management center' 4 via the communication • 
network 3. The 'management center 4 sums up the - 
charges"'f6r each card' identification number and 
demands payment of each user every month, for. 
instance. The' internal constructions of each IC card 
terminal 2 and the IC card 6 are the same as 
shown in Figs.' 2 and 3. 

Fig. 13 is a diagram lor explaining the proce- 
dure for the user to 1 register a- password in the IC • 
card 6 by use of the IC card terminal 2. In the card- , 
information area 6MVof'the EE PROM 64 of the* IC' 
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card there-Mare written „.at .the timp. of .i issuing .the,IG| ,. r , tification number IDU' does not match the previous 

card 6 from the'lC card dispenser 5, the i dent] fica-. . tV one IDU s^en^after" "bping." entered' 'three times; for 

tion number ;1DU , for specifying .the.-user, a pa^s- ..... . ; instance, ihp lp card terminal 2 judges that the IC 

word setting number Ns assigned to each , user,- a :J ,,.card 6, discontinuing the process. .When the ideri- 

master digital signature SA(Ns) generated by • the \ , 5..... tification numbers, match', ^ the IC . card terminal 2 

management center ; 4. for. the; password setting. . , ; * produces a', disp)!^ "ENTER* PASSWORD' SET- 

number Ns by use : of a master key. . an.d, master ^ ../ TING NUMBER" on' the display 1 3, prompting the 

digital signature SAflDU'SA(Ns)) generated "by -the f;i user to enter .the setting' number. \ ! 

management center 4 .for the identification number . Upon entering trie setting number Ns' by the 

IDU and the master digital signature SA(Ns) by use ,.. w tt user with pushbuttons, the IC'card terminal 2 sends 

of the master key.. When. these pieces of data are , the setting number Ns' to the IC card 6. The IC 

written, the validity of the password setting number '. card 6 matches the currently received setting num- 

Ns can be checked through. verification of the mas- .. . t ber Ns' with the setting number Ns prestored in'the 

ter digital signature SA(INs). by the pqbljc k<3y nA. . ■ afore-mentiohe.d memory to check the validity of 

In the terminal information , -area 2Mi ( oj r ,jhe . t .is the setting number Ns' entered by the user. If they 

RAM in the itelephone,. controller,, 14 pf jthe, IC card , . not match, the, IC card '6 sends a' mismatch notice " 

terminal 2-. -there tare prestored the master, public. " to the IC card terminal. *2, which urges again the 

key nA for verifying ;thq.- master, digital signatures' , . ^, user to enter the setting number. In the event that 

created by, use^f the master key, the, terminal .. , '!! ^ the current setting number does not ' match the 

secret keys pT and qT for generating the digital. ?q" ( . previous one even after being entered three time, 

signature by. the IC card, terminal 2 and the .lermi- , v V' for example, the IC card terminal' 2 'judges 'that' the 

nal public key nT fen verifying the digital signature IC card 6 being used is abused'and ejects it and; 

created by .the IC card , terminal 2. : . , , : Sfi "■ , ' discontinues the process. When the setting num-' 

When inserted into, the: IQ card reader writer 11 , s } . bers match, the IC card 6 sends an authentication 

of the IC- card,:terminal-2 : . the: IC card-. 6, sends . 25 .,, signal OK (a first authentication notice) to the IC 

thereto the identification number, IDy., the, master, ,.. . , card terminal 2. The IC card terminal 2 provides a 

digital signature SA(Ns)- ar\d the digital , signature ' :> display "ENTER PASSWORD"' on the display 13. 

SA(IDU*SA(Ns)). The IC. card .terminal 2, verifies, in si .~. . . | i prompting the user ' to enter the password. Upon 

turn, the digital signature SA(IDU'SAiN.s)) ; by the , ; entering of .the password Nc by 'the ; user with" 

master pubJicikey -nA to . ensure th^.. validity of the , ' .30 ,, pushbottons, the IC card terminal 2 creates a digi-' 

identification number IDU. If the identification IDU * ., , tal signature ST(Nc) for the password Nc by use of 

is judged- to* be^ invalid, then . the . IC card 6 i$ <fM! the terminal secret keys pf and" qT anb sends the 

ejected or. returned: and .the process-is discontin- ^ , , t digital signature ST(Nc) and the terminal public key 

ued. When jthe identification number IDU is judged. \ ,. nT to the'lC card 6 together with, the password Nc. 

to be valid, -a prompt for: the . "input. of. password" is. . . 35-.. The IC card 6 verifies the digital signature ST(Nc) 

displayed- on' the. display 13. During :: the display of.. .., „ by*" the terminal public key nT to check the validity 

this prompt tne. input of, a -password- is enabled and . * of the password Nc. When the' password Nc ! is; 

the selection of the. password, registration by press- . valid, it is recorded in the RAM 62. The IC card 6 

ing a particular. one the function buttons 14 is made ... ' . becomes enabled for use only after the password 

effective.'; • . .fo Nc is thus. registered therein. _ ' '* 

Upon selective pressing of the password reg- ... j While in 'the 'above" the setting number Ns ,: is 

istration command button among the function, but- • ' verified on the. IC. card 6, it can also* be checked at 

tons 14. the 'IC card terminal. 2. .prpceeds .tp f . the , \ the IC card germinal 2 if the setting number Ns is' 

password registration process. The \C< card terminal also sent to the IC card terminal 2 together with trie' 

2 sends. a .notice of the. password registration to the ' card identification number IDU at'trie beginning. 

IC card 6 to. indicate thereto the start of the pass- . r ]. % However, this procedure is 'not preferable from "the 

word registration process, while at the -same time viewpoint of. security,' because the;' setting number 

the IC card terminal 2 provides a display, , "ENTER. ' Ns-informatidn that must be kept strictly secreY-is 

IDENTIFICATION . NUMBER" on the display 13, to transmitted from the' IC, card 6. Besides; in the 

urge the user to enter the identification .number, .50, case where" the. identification number or setting 

Upon entering of the identification number IDU* by number, entered by pushbuttons, do not match the' 

the user, with pushbuttons, .the. IC card terminal 2 ' previous one even after being entered three time," 

matches it with the identification number IDU pre- . , the IC card 6 could be'disabled for further use by 

viousiy received from the IC card 6 to check the writing thereinto to the effect that the IC card 6 is 

validity of the identification number IDU'. input by..; 55 invalid or abused. 

the user. When the both- identification numbers. d<? . Fig.^ 14 is a diagram for explaining the process 

not match, the IC card terminal urges again the in which the user receives a service at the IC card 

user to 1 input; the' identification number. If the iden- terminal'^ through use of the IC card 6 whic'h' is a' 
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credit card. In .the.RAM .62,of the*. I.C card 6 there is * 
recorded the password Nc.in the manner described ( 
above. When .inserted into. the IC card reader/wrjter 
12 of the IC; card .terminal 2, the,. IC card 6 sends^, 
thereto the identification numberMD.U and the .mas- 
ter digital signatures SA(Ns) and ,SA(ipU"S/\(Ns)). . 
The IC card .terminal 2 verifies the digital signature , f 
SA(IDU"SA(Ns)). by the master public, ^key n A to ^ 
check the validity of. the identification number IDU. 
When the. identification number IDU is not valid, the . " 
IC terminal 2 ejects the IC card .|6 and discontinues 
the process. ,\Am<3n the identification number is . 
valid, the IC card terminal 2 provides a. display 
"ENTER PASSWORD." on. . the, (display 13. While , t 
this display ^is being provided, the, .entering of the 
password is allowed or enabled and the re-registra- t& 
tion of thejpassword by pressing the function but- 
tons 14 is also effective. In otne t r words, if . (desired, 
the. password can be changed. At this time, when 
the user dials the password Nc', it is ; sents to the , 
IC card 6,. wherein it is matched with the prestored 
password Nc : , When they do not. match, the I.C ,card 
6 sends a mismatch notice to,. the IC card terminal t 
2, which, -prompts, the user ; to ..re-enter the pass- 
word. In the. even- that , the password does ,not^ 
match the-, prestored. one even, after, entered three 
times, for example, the JC card terminal 2 judges^ 
that the;. iC^carxj 6 is., invalid, then ejects it and 
discontinues the processing. .... . 

When- the passvyo.rd . matqhes, the prestored 
one, the IC carpi 6 sends an authentication .signal % 
OK (a second authentication, notice) to the IC card 
terminal .2,- which, in .turn, provides on the display . 
13 an indication, that r the user's specified service i,s \ f 
possible, .and then , provides the service., For in-., 
stance, in the case of a communication service by . 
telephone.. the IC card terminal 2 displays that the . 
telephone number, of the qther party to be called 
can be -dialed, and then connects, the user to the , 
party of . the; number dialed by the. user. Thus, the 
user is, allowed ,tp receive the communication ser- 
vice and .upop:; completion of the service the IC 
card terminal 2 records, in.,the service information . 
area 2M 6 of its internal memory, the identification 
number jDU. identifying ; the user, the date of use D 
and the; charge V anqVthen ejects ..the |C card 6.' 
completing ; the process.. The data .stored in the 
internal memory is transmitted to the .management 
center 4, t once. or twice daily., for ^example. The 
management ..center 4 sums up .the charges for. , 
each identification number and, submits bills tojhe 
users and receives payments therefrom every 
month.-..- . ■ y- . . 

Fig. 15 is a. diagram illustrating another em : 
bodiment of the, present- invention which provides 
increased security of, the .password -.registration pro-, 
cess shown in Fig. ,13., -In the card information area 
6M-. in the EE PROM 64 of the IC card 6 there are 
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stored the Vartf secret keys riU and qtHor ''gene'raVi - 
ing the digital signature by' 'the' IC card 6 and" the > ( 
" card public key hU for verifying the digital : signa^'T' 
'ture created by the'' IC card 6 as wefl as the' pieces' 
? of information or data - IDU, Ns, SA(Ns) and SA- ; ' 

(IDlTSA(Ns)) shown in the corresponding area 1 in*. 
" "Fig. 13. Furthermore; the IC card 6- and the'lC card *r 
\ terminal 2 kkcti ha</e* a random number generating' ' 

program stored in' its memory. In the password 
w registration process; : when the user' enters the 
password" *Nc by r pushbuttons after the verification 
' of the identification number IDO' and the setting 
number Ns' by the above-described procedures, 
' the IC card terminal' 2 creates' the random number : 
75 R and sends it to the IC card 6." The IC Card 6, rn 
turn, creates the random number X' and then gen- - 
erates a digital signature SU(FTX) for the random . 
J numbers R and x'by use of the card secret 'keys 1 ' 
'' pU and qtl, thereafter sending the random number 
X and the 'card public key hi) to the IC card : 
terminal 2 together with 'the digital signature SU- 
(FTX). 

The IC card terminal 2 verifies the digital signa 5 - 
ture SU(R*X) by the card public key hU to ensure 
that the IC'caird \6'is a valid party/ Then the IC card : 
terminal 2 creates a' digital signature ST(R'X'No) for 
the random numbers R and X and- the password 
Nc by use' of the 'terminal secret' keys pT and : qT 
and transmits the terminal public 'key mT and the 
password Nc' to 'the ; IC card l, 6 together with the . 
digital signature ST(R'X^Nc). The IC card 6 verifies 
the digital; signature 'S'T(R^Nc) ! by -the 1 terminal 
public key nT to ensure that the IC card terminal 2 
and the password "Nc 'aVe valid, j and records' the : . 
password' Nc/in^the RAM 62. 'In' this "embodiment, 
since the randorti numbers generated by the 1 IC' 
card terminal 2' and the IC card" 6 are used in the 
'* transmission and' reception of data between them,- 
, ' the signals used will not ever have the same con^ 
a6 tents-this prevents ah* abuse bf the system through 
utilization of an intercepted sighaV'Moreover. the= IC 
card terminal 2 and the ; 'IC -card 6 create 'digital 
" ' ' signatures and verify them by each other, providing 1 

j increased security. ' ' ' 
as Fig. 16 is a diagram 'showing another example 

of the process for receiving a service at the IC card 
_ ' terminal 2 through use of the IC* card described 
previously with reference t6 Fig. 14. When the user 
enters the password Nc*' by pushbuttons afte'r he 
" 50 inserted the IC card '6 into the IC card- terminal 2 
and the identification number IDU was verified by 
the procedure as described previously in respect to 
Fig.- 14, the IC card terminal 2 generates^he ranr 
dom number R and sends it to the IC card 6 
55 together with'' the password ! Nc'. The f IC- card 6 
matches the received password Nc* with the^'pass- 
: word Nc stored in the memory and, if they match 
: * each other, the IC card terminal 2 generates the 
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random nurnberyX-^d crgatesjtt^ [VV f . 

SU(R'X) for; i.tfoe^andor^ numbers 8 fn^KpV\}^%^ r . '." 
of the card. : ;;secr ( et..,keys, pU v and qU, , , thereafter tj . " r .; 
sending the random number X and the. card public, ' ^ . 
key nU to-the IC card .terminal 2. .together with the,', 5 ( 
digital signature. SU,(R"X). . .. . , . ■ . ;. ;{ , 

The IC card 'terminal 2 ; verifies the digjtal signa- , 
ture SU(FTX) by. the card, public : key nU judges lf ;; _ 
that the IC card; 6 and the password are both valid, . , ' 
and then the IC card,, terminal 2 provides on the ,. v ?o. 
display 13-an indication that the service, specified 
by the user;:is possible and executes, : the,, service. 
Upon completion of the service, the , IC .card , termi- 
nal 2 records the . identification .number identifying 
the user, the dafa.of use D and, the . service, charge v ts 
V in the service. information area 2Ms.,in jtsjnterrial. 
memory and, then.. ejects. the IC card 6, .'thus com- 
pleting the process.. As is the case with the Fio,! 0 
embodiment,. : the data in the service jnformati on \ ' 
area 2M 6 is transmitted, to the management center '20 
4 periodically, or when t the, amp.unt pf data stored , ^ 
reaches a fixed value, or when the IC card terminal 
2 is polled by the management center 4. . . 

In the.. above,- itjs possible to deal with the Joss i; 
of the IC card 6,.pr similar, trouble,, by adopting ..a ^25^ 
system configuration in which the card identifica- _ 
tion number IDU for, specifying the f IC card ( 6 and 
the master digital signature. SA(IDAJ) : tho, .master ' '[ 
digital signature SA(IDU> and. the. IC. card terminal 2\ ; . 
verifies the master .digital signature SA(IDU) by ..the 
master public*, key to check; the validity oj th.e 4 car.d 
identification- s number. In other, , .words, , when the 
user reports.- the .loss -. of. the. IC ,card^ 6. to" thV 
management center 4, the. latter regis,ters ( the. card 
identification «number, ; of that .fQ card 6 .in, a black r 
list in the IC«card terminal 2 by. ,dcwr> load. The IC 
card terminal. . 2.. matches. . the • card .identification 
number IDU with.-those in the black list'when the IC 
card 6 is inserted thereinto. If the card identification 
numbenpf. the inserted IC card 6 matches any one 
of the identification. numbers registered in the black 
. list, thennhe IC card 6 can be inhibited from use.. 

With- a system configuration in .which date in- 
formation is prestored in the EEPROM 64 pf the'lC* 
card 6 and sent to .the \Q card terminate together " 45 
with the card identification number JDU when the IC' , 
card 6: is inserted. .thereinto and compared with a 
calender incorporated -in the. IC card terminal 2. to 
judge whether the IC. card ,6 can be used or not, it 
is possible to employ the IC card 6 as a card of a 50 
limited. term of validity. i«. . 

By storing algorithms for encryption of trans- 
mission .data and. common keys for encryption and . 
decryption in both o.f the IC card 6 and the IC card 
terminal 2, the communication between them can ,. 55 
be made as a, cipher communication, providing 
increased, security;. ..... 
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As will be seen from the above, in the case of 
employing the ) 6 card 6 ahd the \0 card terminal 2 f 
in the embodiments of Figs Jl 3 through 16, the IC 
card 6 and the |C i 'card, terminal' '2 mutually verify 
their validity and 'the validity Of 'the user is verified 
by the IC' card 6 'through the IC card 'terminal 
, ? 2-this eliminates the" need of accessing the man-" 
'agement center having a database' concerning user 
' information ( when 'receiving a* service or setting a 
1 password, and hence 'permits easy system configu- 
ration. Since there is no need" of accessing the' 
management center, the* verification time can' be 
reduced and the operability of the system is In- 
creased. Moreover, since the identification number 
is verified on the basis of the digital signature 
created by use of the master key that 'is known to 
the management center alone, the 'digital signature 
' could neveV be "created using the identification' 
1 number of another user, for 'example.' Further/the 
password cannot be known from an IC card' picked ' 
up and the identification number and the setting 
number are "also unknown; ' hence, the password 
cannot be changed either. It is possible; therefore 7 , 
to construct a system of excellent security. ' ' ■ 

Fig. 17 illustrates a "modified 'form of the IC 
card system shown in Fig. 16. The IC card terminal 
2 and the IC card '6 are identical 'in their internal 1 
construction with those' depicted in Figs. ! 2 ! arid 3. r 
In the card information' area 6Mj in the EEPROM 
64 of the IC card 6 there are prestored, at the time* 
of issuing the IC card 6, the secret keys pU arid qU- 
for the creation of its 'di'git'al signature,' the" public' 
key nU for verifying the digital signature, the IC 
card identification number IDU and the master digi- 
tal signature SA(hU*IDU) of the management center 
4 for the identification number IDU and : the public 
key nU. The IC card 6 has the' password Nc stored 
therein by the process described' previously with 
respect to Fig.' 15 or 17. The identification 'number 
IDU of the IC card 6 is prestored in the' manage- 4 
ment center 4: The user inserts the IC card '6 into 
the IC card 'terminal' 2 when to receive his -desired 
service. After completion of the service, the man- 
agement center 4 performs the' charging "process 
for the IC card' 6 used. -V 
'"' When inserted into the IC card reader writer it 
of the IC card' terminal 2, the' IC -Heard 6 sends 
thereto' the pieces of information nU, IDU and SA- 
(nUIDO). The IC card terminal 2 'verifies' the master 
digital signature SA(nU'lDU) by the master public 
key nA and, if it ;s valid, provides a' guidance 'on 
the display ' 13 to prompt" the user to enter the 
password Nc. ' "■ 

When the user enters the password Nc' by 
function buttons 12, theMC card terminal 2 sends 
the entered password Nc' and the random number 
R, generated 'by the IC card terminal 2. 'to the 1 IC 
card 6. The IC card "6 matches the' received pass- 
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word Nc' with '' the - password "Nc' prestored. bri- the: 
memory:' When they match' each other, the?. IC card -m 
6 generates the random number X and creates. the . 
digital signature SU(R'X'Nc) for the^ random num-,, 
bers R and X and 'the password Nc- by-use -of the . . 
secret keys pU and qll stored in the card informa-,, 
tion area 6M/ in the EEPROM- - 64. The, digital 
signature SU(ROCNc) thus created is transmitted to : 
the IC card terminal 2 "together with .'the- random .. 
number R. >->-.•'■•■ 

The IC card terminal 2 verifies the digital signa- 
ture SU<R*X'Nc) by the card public key -nil- also 
received from the IC card 6 and, if the digital 
signature is' valid,' then displays a guidance on the 
display r3 to prompt the user to' specify the ser- v 
vice to be provided. In the case of a communica- \ 
tion service by telephone; the user enters the tele- 
phone number of the other - party's telephone, (not • 
shown) by the function buttons 12, after which a 
cail td : the ' other "party 's telephone is originated. 
Upon completion of the calPor communication, the* » 
IC card terminal' 2 transmits to the 1 ID card -6 
information which is used 'to' deal with a trouble,' 
such as the service charge V, the data D: and the . 
terminal identification number IDT, and service-in- 
formation M = (V'DiDT) which the user wants to. 
make' sure' afterward. 'The IC 1 card* 6- stores the 
service information M in the ' EEPROM ! 64 and, 
creates and" sends a digital signature <SU(M1DU) for 
the service' information M and the card* identifica- 
tion n\imbW IDU io'the'lC card terminal 2r f 

the IC card terminal 2 verified the digital signa- 
ture :SU(lvriDU)'by the card public key- nl) ahd ; - if 
valid, temporarily stores it in'" the* 'service informa-: 
tion area 2lvk of the ''memory in the telephone 
controller 14 together with the' pieces of information 
IDU, nU and M. The data thus stored in the service 
information area 2 is transmitted via the commu- 
nication network 3 to the management center 4. for 
example, every week,' or when the amount' of data 
thus stored reaches a fixed value, or the IC card 
terminal 2 is polled by themanagement center 4. It 
is also possible' to directly connect portable termi- 
nals to the IC card terminal 2 to receive and send 
therefrom the digital signature SU(M'IDU) to the 
management "center 4. The management center 1 4 
further' verifies ''tHe digital signature SU(M'IDU) and 
records the service "information M for each IC card 
identification 1 number IDU; which is used for charg- 
ing' purpose or for" making various inquiries: 

It is possible to' provide increased security 
against wire tapping through utilization of a method 
in which the IC card 6 and the IC card terminal" 2 
both have' a specific key for encrypting and de- 
crypting various pieces of information which ? are 
transmitted and received between -the' 1 - 10 card 6 
and the IC card terminal' 2. Moreover, by making 
provision for prestoring term-of-vaiidity information 



in the I C- card' and yehfy'ing' it 'by a; clbck ^hMhe'-ICV- 
card terminal, .it impossible to inhibit th'e i ab , Ose 1 '§f^ - 
the IC card ..after being lost. ' ' ' ^ v . '- ; ^ r > ,Vi 
With an arrangement wherein the identification 1 ■: 
5 number, IDC pf the card' dispenser 5 which 'records 
initial information in the IC card, the'master digital' : ; 
signature^ ; SA(IDC) of the management' center 4 for -' ; 
the identification number IDC 'and the master public - 
key nA for verifying the signature are prestored in 
w the IC card at the time of issuing it and these 1 
pieces of information ane transmitted to the IC card- ; 
terminal 2 for verification when the IC card 6 is 
used, it is possible to, rhake a check to see 'if the IC 
card 6 is a valid one issued frorn the valid IC card 
75 dispenser., , , t ■ 

While in,,the above .embodiments the usere'rV 
ters the password, into the IC card termihaf with a' 
view to. preventing the abuse of a lost' I C card', the' 
passwordi may be omitted' according to services or' ' 
20 in accordance: with user^s wishes. In 'this instance, 
the process shown in Fig. 17 is performed without 
using the password Nc. 

For. example, in the transmission of'the pieces' 
.of data. nU.JDU and SA(nU*rDU)."to the manage- 
25 ment center 4, if the amount of ' data' only by ' 
nlTIDU. is insufficient to prevent abuse,' it is possi- 
ble, in. practice, .that data C, which is not needed, in 
particular, is ; adclcd to provide a sufficient amount 
of data nU, IDU. C and SA(nU'IDLTC).' 
30 Thus, according to the embodiment of' Fig. 17, 

since the. information for specifying "the IC card 
appended with the, digital 'signature of the manage- 
ment center 4 qap be verified at the 'IC card termi- 
nal, the management center. 4 having' a "database 
35 concerning IC cards need not be accessed before 
receiving services and the use of an invalid IC card 
can be prevented. Moreover, the service informa- 
tion such as the service charge' to be paid or the 
history of use which is used in the case of a 
40 trouble or used as a reference by the user is 
appended with the digital signature of the IC card 
and transmitted to the IC card terminal, from which 
the -service information appended with the digital 
signature is transmitted to" a charging center for 
45 storage therein. The service information thus stored 
in the center cap be used as evidence in the case 
of dealing with a trouble. 

It will be. apparent that many modifications and 
• variations may be effected without departing from 
50 the scope of the novel concepts of the present 
invention. ... . .. . 

Claims 

55 1. A method for the settlement of charges by an 
IC card wherein said IC card has card informa- 
tion memory means in which there are written 
from a management center a master public 
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ke y v) nA i -4pr r veritying a. master < .digital signature _ _ 2. 
SA seated, by saidL .cn^hagement^nfeV by use" ■ 
of master keys pA and qA.'.card : secret' ; keys' ^ 
pU and qU .f.or creating a. digital" signature" by-' - 
saidJC card/a card public "key nU for*verif)ji.ngj " 5 
saiql digital! signature of said IC'card./a card' 1 _ 
identification number' ibU/^a^Jir^t™? 81 ^'. 'VM 
digital .signature SAi' created' by use oP said _ : ■ ^ 
master keys for information including said : card ; 1 
identification number IDU, and an l'C card ter- " -i& 
minai has terminal information memory means :: ' 
in which ( there are written 'from safcT manage- 
ment' center said master public key nA, termi- ' 
nal secret. keys pT and qT for, creating a digital " 
signature by said IC card terminal; a terminal is 3. 
pubiic,.key nj tpr verifying said digital sigha- : ■■' • 
ture. of said, iQ. card 'terminal,' a termiriafideh-' 
tifScaW'^numCier/iDT'ana a second master ' 
digital signature SA2 created by use' of said' 1 
master keys pA and qA for information includ-' 20 
ing said terminal identification number IDT, v 
and wherein said IC card is issued' from' said ■•■ ' M 
management center via an IC card' dispenser \ 
and", used to receive* a service at ! said IC card 
terminal and settle the charge therefor! 'said 25 
method comprising: 

,.: a step wherein said IC card transmits said " 
card ,public key nil, said" card' identification ; ' ' 
number IDU and saijd /irst master digital 'signa- — : 
ture §A1to.said IC card 'terminal; ' J 30 

a step, wherein said lb' card 'terminal veri- 
fies said, first. master digital signature SA1 'and, '■ 
if .it is valid, .transmits said terminal public Key 
nT, said terminal 'identification number IDT'and 1 
said "second master'' digital' signature to' 1 said IC - 35 

•card; , . , ' ,. . r 

a step wherein, said I C card verifies .said 
.second master digital signature 1 SA2 and, if it is 
valid, .transmits information corresponding to' 
the current remaining value V to said IC card- ; -40 
terminal: * . 

' .. a step wherein' said IC card terminals • 
makes a check to" see if said information cor- j 
responding to said current remaining value Vis '"' f 
' appropriate and',' if it is appropriate; becomes '■ 45 
enabled fpr providing a service; 

a step wherein, after' completion of said ' ! 
service, said. IC card terminal creates an' up- 
dated remaining value V and generates a ter- 
, .minai digital signature ST for information in- so 
eluding said updated new remaining value and v 
then transmits said terminal digital signature : 
ST to said IC card together with said updated 
remaining value V; and 

( a step wherein , said IC card verifies said 55 
terminal digital signature ST. ' 



The method of claim 1, wherein said step of 
transmitting said information .corresponding to , . 
said current remaining : value V of said IC card 
is a step .wherein said, IC card. creates digital, , 
signature for, information including, said .current 
remaining value V and : transmits it to said IC 
card terminal., together with said current re- 
maining, value V and. said card public key^nU, 
and said step^of checking said ; remaining value t . 
by said- IC card terminal is a step wherein said 
IC card terminal verifies said digital signature 
of said IC card, and, if vaJi.d, becomes enabled , T 
for provfding said service. - ■; >. , ; 

s , , »- J .... . 

The ^method 'Of .claim 2, which includes a step 
wherein when it is verified : at said IC card 
terminal . that said* first master, digital signature 
SAl is valid, said IC card terminal generates a 
random number R and transmits it to; said IC , 
card; and. ■ , , . , 

wherein said step of creating said digital 
signature .of said IC card is a step wherein 
when it is" verified that, said second master, 
digital signature is valid, .said .jeopard gen- 
erates a random number X and creates a.digi- t 
ta! signature for. information .including said re- 
maining value V and said random numbers R , 
and X, .as. said digital signature.,SU for. informa- 
tion including said remainder -value V; ancj 

wherein said step of creating said terminal^ 
digital signature of said IC card terminal, is a 
step wherein said.. 10 card terminal creaks a 
digital signature lor information including said 
updated remaining , value V and said .randqm 
numbers R.and X.,as satd digital signature ST " 
for information including said updated. remain- ' 
der value V - ( , . 

. j : • f ! . . • i ■ • 

4. ThenfTiethod . of claim 1. wherein saici IC card 
has usage information memory means, and 
which further includes a step wherein after 
completion; of said service said IC ; card up-' 
dates the contents pf r . said usage, information' 
memory, means with whole,, information ' re L 

: ceived. from said IC card terminal... , 

5. The- method of claim 1, wherein^ said JC card . 
. terminal has usage, management memory 

means, and , which . further includes: a step 
•wherein after completion of said service said 
IC card terminal generates usage/management 
information- from information including at least 
said remaining , value. V and said .card iden- 
tification number IDU received from said , IC 
card prior to the start of said service and writes 
•said .usage/management information into said 
; usage/management memory means; ( and a 
.step -wherein said.lC card terminal transmits 
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said usageAmanagernertf -information stored in , 

said usage/management memory .means to )M 

said management;, center when a , pr§deter> , 

mined, condition is satisfied;, .. » : • ; ., \ ■,<: 

6. The method of .claim 1, 2. a.- or 4. wherein ; said 
IC card - terminal has a list.:, of invalid card 
identification, numbers, prov.iderj from, said man- 
agement \center, and which., further includes a , 
step wherein when having received said card . . 
identification number IDU from said IC card, 
said IC card - terminal matches said cardjden- 
tification number,- with all of said. : .invalid card 
identification numbers .and,, if said , card iden-, 
tificatidn number IDU matches any one of said 
invalid card identification • numbers.,. said IC 
card; terminal judges that said. I£. card is in- , 
valid, then discontinues- processing- 

7. The- method - of claim 6, wherein said IC card 
terminal -has usage/management. .. memory • 
means 'and 'said . management center has a. 
database, . and whichr further .includes, a step 
wherein rafter completion, of. said service said 
IC card terminal. generates usage, management 
information from information including at least 
said remaining value V, ; and'. said card iden- , 
tification -number IDU received from ? said IC , 
card' prior; to the start of said service and writes 
said usage/management information, in said us- 
age.-management- • memory —means; a .step,, 
wherein said IC card terminal transmits ■ said ■ 
usageimanagement :infor.mation .stored, in .said 
usage/management memory means to, said., 
management center when a .predetermined, 
condition is. satisfied or m response, to a -re- 
quest from said management center;, and, a 
step wherein said management center matches, 
said received usage management, information , 
with : usage.management information prestored . 
in said database and, if they match each other., 
transmits said" card identification number IDU 
of said Vsage 'management information as an 
invalid card . identification number to each IC . 
card' terminal for -.addition to said list therein, 
and when no match is found, said manage- . 
ment - center. ;adds said .received - us- 
age. : management information to said database. 

8. The method of claim ,4 f wherein- said IC.card - 
terminal, has, as -a troubled terminal list, trou- 
bled -terminal identification numbers,, initial val- - 
ues '--of -a time- stamp and . the number of, its 
updates both corresponding to said troubled 
terminal numbers,, provided from said manage- 
ment center, and the previous .card usage in- 
formation held in said usage, in formation, mem-, 
ory means of said IC card includes the pre- 
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vious terminal "identification number/' a' Ii time ,! • 
stamp digital signature . created ? by the pre- 
viously, used '\C card terminal'' for" ihfonriaftorf^ 
including V time stamp by use 'or' ; its terminal 
5 secret keys and the previous 'number' b'f up- : 

dates, said method further including: 

a "'step wherein said' IC card terminal up- 
dates and generates a time stamp TSat-de-' 
' . sired time intervals from a time stamp initial 

w value provided from said management center 

with a predetermined recursive lagorithm and 
( updates .the .number of updates and transmits 
said number of updates to said management' 
, center for .each pudate; a st£p wherein prior to 
the start of .said service said 1 IC card terminal 
receives from.' said IC card 'the previous fermi- 
nal identifipatipn number, a digital signature for; 
information including said previous time stamp* 1 
and, said previous number of updates* and 
makes! a check to see if said received previous 
terminal, identification number matches any- 
one of., said, 'troubled 'terminal identification 
number in said list; a step wherein When said 1 
received previous terminal identification num- ; 
ber is found in said troubled terminal number 
list, said IC card 'terminal updates said time 
stamp from said time, stamp initial value' by a - 
number of times equal to said : previous' num- - : 
ber of updates' in accordance with said al- • 
.. so gorithm to obtain a pseudo-current time : stamp;' 

a step wherein said IC card terminal verifies s a : 
digital signature of said time stamp 'by said" 
> pseudo-current tirne stamp and said terminal 

public key nf; and a step' wherein when' it ; is • 
35 verified that said digital signature' of said time 

stamp is valid, said IC card terminal compares 
said received number of updates With the num- 
ber of updates read out of said memory means 
and, when the latter is smaller than the former. 
, ao said IC card terminal judges that said IC card 

is invalid and discontinues processing, and 
when the latter is not smaller than the former, 
said IC card terminal judges that said IC is 
valid, and. after providing said service, creates 
45 a time stamp digital signature for information 

including said current time stamp and trans- 
mits it to said IC card.' 

9. The method of claim 8, wherein said manage- 
so merit center has a database for managing- all 
terminal identification nunibers, all the stamp 
initial values and all numbers of updates, and 
which further includes a step wherein- upon 
receiving said terminal identification number 
55 and said number of updates' from said IC card 
terminal, said management center uses said 
received number of updates to re-write' the 
number of updates" of the corresponding termi- 
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nal identification. number in said database. 

10. A method overeating an IC card/ comprising: 

a- step -wherein an IC card dispenser trans- 
mits, to said lp card, card information inclu'd- 
ing: a master public key hA 'for ; verifying a 
master digital signature created by a manage- 
ment !center; card secret. .keys pU and qU for 
creating. a digital signature by said IC card; a ' 
card public key..nU for verifying said digital . 
signature of said ( IC card; a card identification 
number IDU; $nd a .first, master digital signa- 
ture } SA.1 created by. said .management center '"' 12. 
for information including said' card pubiic ,: key 
nU and. the. card identification number' iDU; '15 

'.a ...step wherein said I C .card verifies said ' 
first master, digital signature SAi and/if. valid, ■ 
writes .said card information into card' informa- 
tion memory means; 

a step wherein said IC card reads but said '"20 
card public key nU,' said' card' ''identification 1 ' 1 
number IDU and said first master" digital 'signa- 
ture SA1 Jr.om said card information memory 
means,, and. transmits , then' to iC said ( card 
dispenser; . , ( . ^ 25 

• a. step wherein IC said card dispenser veri- \ 
ties sajd first master .digital signature ' arid, " if 
valid,, transmits, to said IC card, an' amount " 13. 
value V created by said management 'center' 
and.-a .third., master .digital .signature SA3 for * '■" 30 
information said value ' V and said card iden- 
ti fixation number IDU; and . 

( a step .wherein said IC card verifies said 1 
third .master digital "signature sX3 and,' if valid, '"■ 
writes, information .including said value V and"" 35 
said third master digital signature' SA3, as in'i- ' 
tial..da.ta of card usage information, into usage' 
information memory means. 

11. The method, of claim . 10. . which, further in- 
cludes: , 

a step wherein said IC card dispenser veri- 
fies said first master digital signature SA1' and, 
if valid, generates and transmit a random nunv 
ber. Y.Jo said IC card; 

a step wherein said IC card generates a 
random number X and creates a digital ^signa- 
ture SU for information including said value V ' 
and said, random, numbers X and Y and then 
transmits said digital .signature SU said IC card so 
dispenser together with said' random number " 

x;.',"- , " ' ", ■ 

. a step, wherein said IC card dispenser veri- 
fies said digital signature SU and, if valid, 
transmits said .random numbers X and Y, said 55 
value V and said card identification number 
IDU. to .said management center; ' \[ 
. -, a - step wherein said .management center 1 
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creates, as said master digital signature SA3. a 
digital signature for' information' including ..said 
random numbers X and Y, said value V and 
said card identification number IDU and. trans- 
mits said digital signature to said IC card>via 
said IC card dispenser; and 

a : ' step : wherein said IC card writes said 
third master digital signature, as said card us- 
age information^ "into 'said usage information . 
memory "means together with said value V and 
' said random numbers X and -Y. •* ■!»■•• 

The method of claim 10 or' 11, wherein said IC 
card has 'p'restored therein an encrypting key 
KU produced by said" management center from 
said identification number IDU by " use: of a 
master key KA at the time of writing said. card 
identifications-number TDU, and when receiving 
said card identification number IDU. "said man- 
agement center creates said encrypting key 
KU by use of said master key: KA > and trans- 
mits said encrypting key V KU to said-IC card 
dispenser, and* wherein 'transmission :and re- 
ception' between said IG card; -said manage:- . 
ment center ■ and' said • IC card - dispenser is - 
conducted using said encrypting key. . • , 

A password registration- -method for an IC card; > 
wherein said iC card has ' card •• information, 
memory ' means wherein there ■ are- .written,- as; 
card information, from' a management^center a 
card identification "number IDU, a predeter- 
mined setting' number' Ns, a fourth* master digi- 
tal signature SA4 foresaid setting number^Ms, 
and : a' fifth master digital signature /SA5 for 
information including said card identification 
number IDU and said fourth master digital sig- 
nature SA4. and wherein an IC card, terminal 
has terminal information memory means 
wherein there are written., as terminal .informa- 
tion^ from ' said management center , a master 
public key -nA for verifying a master digital 
signature, terminal secret keys pT andqT : tfor 
creating a digital signature - by said \G 'card 
terminal 'and a terminal public key oT for veri- 
fying said terminal digital signature;- said- meth- 
od comprising: " " -^"-4 

' a step wherein said IC card transmits said 
card identification number IDU and said fourth 
and fifth master digital signatures SA4 and 
SA5 to s&id-IC card terminal;- • ■» ■ 

• a step wherein said* IC card terminal, veri- 
fies said fifth master digital signature SA5. and; 
if valid, becomes- enabled for password reg- 
istration processing 1 , and transmits • a setting 
number Ns' to said'iC card when it is- entered; 

a step wherein* said IC card . transmits an 
authentication signal* to said. ICicard terminal 
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when said setting number Ns' received from 
said IC card terminal. ..matches .said .setting. . ^ 
number Ns in said ..card information memory 
means; . • , t . „ 

a step wherein upon receiving said aujthen- , . ' 5 
tication signal, said IC card terminal becomes 
enabled ^fpr entering of password and creates a 
terminal digital, signature' ST for information 
including an entered password Nc and trans;. . 
mits ^aid terminal digital signal ST. to saici IC w 
card together with .said password Nc and said 
terminal public key nT; and ... 

a step .wherein said IC card, verifies _ said 
terminal digital signature ST and, if valid,. | 
writes said password Nc into password mem- ;i 75 
ory means. , ■ . 

14. The method of claim 13, ; wherein .s^aid IC card 
has card secret keys pU and qU for digital 
signature; creating use and ..a card, public key 20 
nil prestored rn said card information memory ., 
means . from ; said management center, and 
which further includes;. . . ... -is. . 

a. step wherein when . said password. Nc is 
entered,, said IC card .terrpinal. generates a ran- . 25 
dom number-. R. ano\ transmits it to said IC carp 1 ; 

a step wherein upon receiving said random 
number FU said IC .card generates a random 
number X .and creates a card digital signature . 
SU:fpr information, including said random num- 30 
bers A and X and transmits said digital signa-^ .' 
ture : SU to said IC. card, terminal together with 
said ;random number .X ..^nd s^id. card public . 
key nO; and • .■ . . . . v ; . ,, : 

a step wherein said IC card terminal veri- _ ^ 35 
fies said card digital signature SU and. if valid, 
creates a terminal digital signature for informa- r 
tion. including said random numbers R and X 
and said password, Np and sends it as ,a digital 
signature including said, password Nc. *o 

15. A method, fpr . the . settlement of charges by an , . 
IC card,,- wherein said. IC card has card in- 
for,rr\ation : memory mean? wherein ..there writ- 
ten,,, as -card.. information, from a management 45 
center- ; a. car^.jdAntifi cation number. IDU, a pre- 
determined setting number Ns, a fourth master 
digital signature SA4 for said setting number 
Ns and a fifth master digital signature SA5 for ; 
information including said card , identification 50 
number IDU, and said fourth master digital sig- 
nature SA4, and wherein an. IC card terminal, 
has. terminal..- information memory means, 
wherein there are . written, as terminal informa- 
tion, from, said management center a master 55 
public key nA for verifying a master . digital 
signature, .terminal, secret keys pT .and qT for 
the creation of a terminal digital signature and 
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a terminal public key nT for verifying said 
terminal- 'digital signature; 'sard method -corn-' 
prising: • • " '" J " 

a step wnererri said IC card 'transmits' -said ' 
card iyehtificatioh number'IDU and' : $aid fourth- 
and fifth ,mctet*er digital signatures- to said IC 
card terminal;" " 

a 'step wherein said IC card terminal veri-' 
fies said fifth Vna'ster digital- signature SA5 and, 
if valid, instructs' the entering of a- password 
and transmits a' password Nc' to said IC card 
when if is entered; ■" ' 

a step wherein said IC card matches said 
password' Nc* with said " password Nc in said 
card information 'memory means and, if they* 
match,' '"transmits an' authentication signal 'to 
said ifc card terminal; and ' ' : i; ' ; 

a step wherein ujDOri' receiving said authen- 
tication' signal, said IC card terminal becomes 
enabled for providing a service and, after' com- 
pletion of said service, records information in- 
cluding an Amount' value V for said service and 
said received card identification -number. IDU, 
as usage/management information, in us< 
age. management memory means. ; •■■ 

16. The method of claim 15, wherein said IC card 
has' card secret' keys "pU and qU for the cre- 
ation : of a digital signature and a card- public 
key nO prestored 1 in said card "information. <■ 
memory means from said'niahagement-center*-' 
and which°further' includes: ' 1 '• • 

"a step wherein 1 when said password No is* 
entered," "said IC ca'rd terminal generates ' and... 
transmits a random number R to said IC-card; • 

a step wherein' upon receiving said' random = 
number A,' said IC card generates 'a random 
number X and creates a 'card digital, signature 
SU for information including said Random num- 
bers R and X and transmits it to' said IC card 
terminal together with said random' number X 
and said card public key nU; and 

a ! step wherein said IC card terminal veri- 
fies said card digital signature 1 SU and, if valid, 
' becomes enabled for providing a service, on 
the assumption 'that it has received said au- 
thentication signal. 

17. An IC card' terminal comprising: 

' ' a memory wherein there are prestored a 
master 'public key nA for verifying- a digital 
signature, terminal secret keys pT 'and qT. for 
the creation of a terminal digital signature, a 
terminal identification' number IDT, a' terminal 
public key nT for verifying said terminal -digital 
signature, and a second master digital signa- 
ture SA2 for information including said terminal 
identification IDT 'and said terminal public key 
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rr>eanjS i for ; -.y.erifying a,, first ..master, ^igitaj ^ " 
signature SA1, received from an IC card, by,, V " 
said .public .key- nA ..apd : for transmitting an 
authenticatiQn,notice to sajpMC card.vyheri^^id z> 
first master digital signature S/=V1 ( is .valjp!^ ;j . ' 

means whereby a digital signature ..Su , f of " 
said .IC card for information including , an ' 
amount value V an.dja card identification nurp- 
ber IDU, received from said IC card.,,! s. verified w 
by a card public key nU .and a servicers" , 
initiated when said amount value V is vajid .a.nd 
sufficiently large; 4 , ... 

means whereby , .upon completion t of said 
service^ the charge for said service is. sub- ' 'js 
tracted from- said , amount value V to. obtain a 
remainder value V and a digital signature ST..".''" 
by said {-terminal key for information^ jnciuding 
the remaining value V* and. said card identifica; 
tion number IDU; and 20 

means .for. transmitting said digital signa- , . 
tures ST, said remaining value V;,. said second , . 
master , digital, signature t SA2, . said terminal 
public key nT...and saio* terminal identification 
number IDT to said IC card. . 25 

18. An IC card comprising: . .. ., . . .■«■ -.. 

•a- memory, wherein >therc are. prestored.^a . . ri 
master , public key nA v a card secret, key, pU , 
and\qU. t foMhe creation, of a, digital signature of 30 
said IG xard, .a-'Carcl identification number. IDU,'" , r 
a card public key nU for verifying said, digital. . ( 
signature- of said |C card, a. .first master digital 
signature-, SA1 by said master, key for informa- 
tion : including ( .said identification number IDU . 35 
and said card publ.ip key pU, amount value 
information V, and a third master .digitaj, signa- 
ture;. SA3 ; by -said rpaster key for, information " 
including, said, amount .value .information V and . 
said -card. identification .number. IDU; , 4 o 

means which transmits said public key nU. 
said card identification; number IDU and said 
first- master digital signature ; ,SA1 : to said IC 
card , terminal upon insertion thereinto of said 
IC card. . . ] 45 

i.means for creating, a . digital signature SU 
by said card secret key for information includ- . 
ing said amount value information V; 

means for transmitting said amount value 
information. V and said digital, signature SU to 50 
said IC card, terminal , upon .receiving an an- 
thentication .notice from. said IC card terminal; 
and .; ...... 

, means for verifying received second mas- 
ter digital signatures SA2 and ST by said pub- 55 
lie keys nA : and nT,, respectively, and. stores, 
amount value information V in said memory 
when .said second master digital signatures' 



SA2 and ST are valid. 

19. An IC card terminal comprising: ' ■ 

a' memory having stored therein a terminal 
identification number for specifying said IC 
card terminal; ' ' 

a : 'memory for storing card identification 
numbers as a card identification number list; 

means' for 'matching the card identification 
number received .from an IC card with data' 'in 
said identification number list and foV initiating 
a service if amount value information received 
from said IC card is sufficient when said card 
identification 1 ' number received 'from said-IC 
card does not any one said' card identification 
numbers in said list; •• ' •-< ^ . m, 

means for transmitting said terminal iden- 
tification number to said IC card together with 
new amount value information 1 after completion 
of said service; 1 ' ' ] ' ' " 

means whereby only in the case of trans- 
mitting said new amount value information- to 
said IC card, usage. -management information is 
created from previous usage information in- 
clud i n g ' am o u n t value i nf o'rm ati o n , ' : ' the * 3 c'ard 
identification number and* trve terminal iden- 
tification number, received' from said' IC ' card 
prior to the start of : said service; 

means for transmitting' ; said us- : 
age'mahagemeht information to a management' 
" center together with said card identification* 
number; and " ' ' '' ' 1 * ■ '•' 

means whereby card identification- num- 
bers received' from said management center 
are additionally registered in said carcT iden-. 
tificatibn number list. v * .•';!.•• .» 

20. An IC prepaid card -system comprising; - 1 ■ 
' an IC 'card including; usage information 
memory means for storing a card identification 
number identifying said IC card and previous 
usage information including amount value in- 
formation; means for said' card 'identification 
number, said amount value - * information 'and 
said previous usage information lo an IC card 
terminal; and means for receiving hew 5 amount 
value information'ahd' usage information- includ- 
ing a terminar'identification : number from said 
IC card terminal and for * storing them in said 
usage information memory means; 

said IC card terminal of claim 19; and 
a management 1 center which 'has a 
database for' storing usage/mana'gement infor- 
mation for -each 'IC card identification number 
and' means whereby the card identification 
number and usage/ management ' information 
received 1 from said IC card terminal 'are 
matched with card identification' numbers and 



23 



45 



EP 0 588 339 A2 



46 



usage/management- .ipfprgi.at.ioa registered . in 
said database and, 'when they ..dp. not match 
each other, said card identification number and , 
usage/management information from said IC 
card terminal are additionally .register^ m said, 
database,; whereas ; when they match, identified, 
identification number is. transmitted |C and ter- : 
minals.- ' ■ ■ - » . . , * i ti . , r , 

21. The v.\C : prepaid -card system- of . claim. 20,,' 
wherein at least one of said IC card and.saici . 
IC card terminal has- random. . generating 
means, said usage information containing a 
random number generated by said random 
generating means. 

22. An IC card terminal comprising: 

means for updating a time stamp at proper 
intervals by a predetermined algorithm; 

means which upon each updating of said 
time stamp, transmits update information re- 
presenting the number of updates to a man- 
agement center; 

a memory wherein there are stored a ter- 
minal identification number for specifying a 
terminal, said time stamp, said update informa- 
tion, a terminal secret key for creating a digital 
signature and a public key for verifying said 
digital signature; 

a memory wherein a terminal identification 
numbed, a time stamp initial value and update 
information received from said management 
center are recorded as a terminal list: 

means whereby a terminal identification 
number received from an IC card , is matched 
with said terminal identification numbers in 
said terminal list, and when the former match- 
es any one of the latter, the time stamp initial 
value in said terminal list is updated by said 
predetermined algoritnm in accordance with 
update information received from said IC card, 
and a digital signature received from said IC 
card is verified by said updated time stamp 
and a public key received from said IC card, 
and when said digital signature is valid, said 
received update information is matched with 
update information of said previously matched 
terminal number in said terminal list, thereby 
judges the time when said IC card was used at 
said IC card terminal of said received terminal 
identification number: 

means for digitally signing said update 
time stamp by use of said terminal secret key; 
and 

means for transmitting the terminal inden- 
tification number for specifying said IC card 
terminal, said update information, said public 
key and said digital signature to said IC card. 



if* 

' 23. An IC card system comprising: «*.■ .r. n>v*} bt?.o : 'v 
sairj iC^caVd* terminal of "felaim *22i> V -- m->p *. 
an f IC ' card -having'' a Memory wherein ;.the^ 
termih'aV identification nurn-ber. update -informa- ,,. 
.5 'tion. ^'pL/bilb key 'and a digital signature: for a 

time stamp received from said IC card terminal 
are sfbVed/knd means whereby.when -said IC 
,; card ss "inserted in'to an IC card*;terminal, sad,, 

terminal identification number;/ said update in 7 
% formation; :> said public- key and Said -digital sig- 

nature for time ' stamp in said- memory are 
transmitted tB said IC card terminal;:.and 

a man ; a$eme'rit- : center which has- a. - 
database' for managing the terminal identifiica- • 
15 ' Won numbeV^of eacri ? IC card 5 terminal,: anrini.tia! ■ 

value of the 1 ' time Stamp and update- informal, 
tion, means "whereby upd'ate : information re- 
ceived from' said 1 * IC card terminal is replaced 
for update information of "the corresponding. 
20 terminal identification number in said database, 

and means 'whereby a selected sel>of terminal 
identification - number/ time stamp initial value 
and' update information in said database are 
transmitted' : to' every IC'card terminal: , -. 

24. An IC credit card comprising:' . • r '•• 

a 'memory* f6r ' storing- anr identification, 
number IDU for specifying a user, .a password 
setting ' number- N's.' a- digital signature SA.by a 
go ' : master key for information' : inckjding said iden r . , 
tification number IDU' and ;, a^'password Nc;-> ;.c ,. 

means for transmitting said identification- 
number iDll aho said digital signature SA, to an 
IC cird terminal i * fl, v * > i .< 

35 " means whereby a password setting;.num- 
ber Ns' received from said IC card terminal is 
matched with said password setting number 
Ns stored Hn said memory," and <when -they 
match each other.' a first 5 authentication notice 
40 is transmittals : to said IC-eafcM terminal,; ;. 

means whereby at thV'ti me of registering, a 
password, a password if Nc; a digital signature, 
sY by said iC card -terminal for information 
including said password' Nc • and r a terminal 
45 public -key L: nt of 'said' IC card^ terminal ar,e 

received from said IC card terminal and . said 
received digital' signature* ST is- verified by sa'd 
terminal public key' nT and- only; when , said, 
digital' signature ' ST -is Valid, said received: 
so ' password Nc -is record in said memory;- and 

l "' means 'whereby - prior to -the [Start ■ of -a 
service & password Nc' received from said-^C 
card' terminal is matched with said password 
Nc stored in said 'memory and, when- they 
55 materia second' authentication .notice is transr 

mitted to said IC card terminal. 
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25. An IC card terminal comprising:, , ; . <:i . -,, >r 
a memory wherein- there are scored, am as t., 
ter pub'lfc f key rVA and ia, terminal pjjblic^key pt, 
for verifying a digital signature SA^anct : terminal . , 
secret keys pTand qT for .creating terminal u 
digital Signature: . ■ ■' • _- t ; i r .. JL.i <. •..„■ . ,, 

means which -verifies a/digital signature SA.. 
received from an - IC. card, by said public frey . 
nA and,- if 'an identification; number,., IDU ,re- . 
ceived from said a\€ card is. v^lid,.. enables the. 
. registration or entering of a p^ssyvord;. 

means whereby when the registration of a , 
password is chosen, an .identification number 
IDU* entered from input means,, is .matched, with, 
said !< identification number. )DU receiyed .from 
said* IC card and when, they match^thejnput of 
password :setting number is instructed; 

^means' for transmitting to sa# IC .card. a . 
password setting number Ns* entered from u 
said fn put -m'eans; f.i ■• • . .< i , ■:-.< 

means which- when .having received a first. t 
authentication notice, from -said IC card, creates 
a digital " signature ST by said .terminal secret, 
keys pT and ,r q»T.-for /information ,inqluding_a ? 
password Nc entered from said input means; 

means for transmitting said password Nc, 
said digital -signature , SJ; ,and : said .terminal 
public key n~T. to said:lC-.card;.. , « . , - , riil ,. 

-means whi'ehv>when ,,the input .pf.,a pas.s r . 
word? is chosen, transmits', a p^sword Ne^en- . 
tered frorrfl said 'input, means to said IC.card;. 

and * • ■ ' *- »"•- . .* t: ,;t : > m 

•^means for -permitting *a .service when hav.- 
ing received a second authentication, notice,, 
from said IC card..; t .\^- t t\\. . r.. 



,5 



75 



.20 



25 



SU1 and SA, means for creating and transmit- 
ting said service information -M to said IC:card. 
and means for 'receiving said digital signature 
• su2 . "^y r >\. > • : • ■ 

27. The IC card system of claim 26, -wherein: said 
IC card' terminal includes means - whereby a 
password Nc entered ; by a ? user is^ transmitted 
to said IC card, and said IC card includes 
means whereby said password Nc' received 
from said IC card terminal is matched with ia 
password Nc prestored in a memory to there- 
by verify said password Nc/- 
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26. An IC'card system .comprising:. 

' an IC i eard' including: means for-, .generating , it 
a random number X;. means for , creating an IC 
card digital, signature.. SU1 for, information in- 
cluding a random, number R received from an 
IC 'card terminal and. said, random number. R: 
means whereby a. master digital signature SA 
created by*- a' management center for informa- 
tion including a public key nU of said IC card ^ 
and a card identification IDU, said random/ 
number said digital signature SIM, said public 
key nU and -said card ..identification number 
IDU 'are transmitted - to .said IC card 'terminal; 
means for creating a IC card digital signature 
SU2> for' information including, service informa- 
tidn fvl including a. -service charge, received 
from said IC card 'terminal, and said card iden- 
tification number IDU; and means for transmit- 
ting said digital signature < SU2 to. said IC card 
terminal; and ^ 

an IC card terminal which has means for 
receiving and verifying said digital signatures 
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© An IC card (6) has a card information memory 
area wherein there are written a master public key 
nA, card secret keys pU and qU, a card public key 
nU. a card identification number IDU, and a first 
master digital signature SAi for information including 
the card identification number. An IC card terminal 
(2a.2b) has terminal information memory area 
wherein there are written a master public key nA, 
terminal secret keys pT and qT, a terminal public 
key nT, a terminal identification number IDT, and a 
second master digital signature SA2 for information 
including the terminal identification number IDT. 
When inserted into the IC card terminal, the IC card 



sends thereto the data nU, IDU, and SA1. The IC 
card terminal verifies the digital signature SA1 by 
the master public key nA and, if it is valid, transmits 
the data nT, IDT and SA2 to the IC card. The IC 
card verifies the digital signature SA2 by the master 
public key nA and, if it is valid, transmits information 
corresponding to the current remainder value V to 
the IC card terminal. The IC card terminal makes a 
check to see if the received information correspond-' 
ing to the remainder value V is appropriate, and if 
so, becomes enabled for providing a service. 
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